mirror of
https://github.com/Mr-xn/Penetration_Testing_POC.git
synced 2025-06-20 09:50:19 +00:00
450 lines
1.6 MiB
HTML
450 lines
1.6 MiB
HTML
|
<!DOCTYPE html> <html class style><!--
|
|||
|
|
Page saved with SingleFile
|
|||
|
|
url: https://forum.butian.net/share/2916
|
|||
|
|
--><meta charset=utf-8>
|
|||
|
|
<meta http-equiv=X-UA-Compatible content="IE=edge">
|
|||
|
|
<meta name=viewport content="width=device-width, initial-scale=1">
|
|||
|
|
<meta name=csrf-token content=VD0owLiLrat8LaN2vBAqJtnLFngrtZgXtzYM7DqG>
|
|||
|
|
<title>奇安信攻防社区-Ognl小trick</title>
|
|||
|
|
<meta name=keywords content=奇安信,天眼,补天,漏洞,情报,攻防,安全>
|
|||
|
|
<meta name=description content=奇安信攻防社区-Ognl小trick>
|
|||
|
|
<meta name=author content="QIANXIN Team">
|
|||
|
|
<meta name=copyright content="2021 QIANXIN.com">
|
|||
|
|
<style>@media(max-width:767px){}</style>
|
|||
|
|
<style>/*!
|
|||
|
|
* Bootstrap v3.4.1 (https://getbootstrap.com/)
|
|||
|
|
* Copyright 2011-2019 Twitter, Inc.
|
|||
|
|
* Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
|
|||
|
|
*//*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}a:active,a:hover{outline:0}img{border:0}textarea{color:inherit;font:inherit;margin:0}textarea{overflow:auto}/*! Source: https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css */*{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}:after,:before{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}html{-webkit-tap-highlight-color:rgba(0,0,0,0)}a:focus,a:hover{color:#23527c;text-decoration:underline}a:focus{outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}img{vertical-align:middle}h1,h2,h3{font-family:inherit;font-weight:500;line-height:1.1;color:inherit}h3{margin-top:20px;margin-bottom:10px}h3{font-size:24px}p{margin:0 0 10px}@media(min-width:768px){}ul{margin-top:0;margin-bottom:10px}@media(min-width:768px){}code{color:#c7254e}pre{display:block;margin:0 0 10px;color:#333;word-break:break-all;border:1px solid #ccc}.container{padding-right:15px;padding-left:15px;margin-right:auto;margin-left:auto}@media(min-width:768px){.container{width:750px}}@media(min-width:992px){.container{width:970px}}@media(min-width:1200px){.container{width:1170px}}.row{margin-right:-15px;margin-left:-15px}.col-xs-12{position:relative;min-height:1px;padding-right:15px;padding-left:15px}.col-xs-12{float:left}.col-xs-12{width:100%}@media(min-width:768px){}@media(min-width:992px){.col-md-9{float:left}.col-md-9{width:75%}}@media(min-width:1200px){}@media screen and (max-width:767px){}@media screen and (-webkit-min-device-pixel-ratio:0){}@media(min-width:768px){}@media(min-width:768px){}@media(min-width:768px){}@media(min-width:768px){}@media(min-width:768px){}@media(min-width:768px){}@media(min-width:768px){}@media(min-width:768px){}@media(min-width:768px){}@media(min-width:768px){}@media(min-width:768px){}@media(min-width:768px){}@media(max-device-width:480px) and (orientation:landscape){}@media(min-width:768px){}@media(min-width:768px){}@media(min-width:768px){}@media(min-width:768px){}@media(min-width:768px){}@media(max-width:767px){}@media(min-width:768px){}@media(min-width:768px){}@media(max-width:767px){}@media(min-width:768px){}@media(min-width:768px){}@media(min-width:768px){}@media(max-width:767px){}@media(max-width:767px){}@media screen and (min-width:768px){}@-webkit-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@-o-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@media(min-width:768px){}@media(min-width:992px){}@media all and (transform-3d),(-webkit-transform-3d){}@media screen and (min-width:768px){}.btn-group-vertical>.btn-group:after,.btn-group-vertical>.btn-group:before,.btn-toolbar:after,.btn-toolbar:before,.clearfix:after,.clearfix:before,.container-fluid:after,.container-fluid:before,.container:after,.container:before,.dl-horizontal dd:after,.dl-horizontal dd:before,.form-horizontal .form-group:after,.form-horizontal .form-group:before,.modal-footer:after,.modal-footer:before,.modal-header:after,.modal-header:before,.nav:after,.nav:before,.navbar-collapse:after,.navbar-collapse:before,.navbar-header:after,.navbar-header:before,.navbar:after,.navbar:before,.pager:after,.pager:before,.panel-body:after,.panel-body:before,.row:after,.row:before{display:table;content:" "}.btn-group-vertical>.btn-group:after,.btn-toolbar:after,.clearfix:after,.container-fluid:after,.container:after,.dl-horizontal dd:after,.form-horizontal .form-group:after,.modal-footer:after,.modal-header:after,.nav:after,.navbar-collapse:after,.navbar-header:after,.navbar:after,.pager:after,.panel-body:after,.row:after{clear:both}@-ms-viewport{width:device-width}@media(max-width:767px){}@media(max-width:767px){}@media(max-width:767px){}@media(max-width:767px){}@media(min-width:768px) and (max-width:991px){}@media(min-width:768px) and (max
|
|||
|
|
<style>/*!
|
|||
|
|
* Font Awesome 4.7.0 by @davegandy - http://fontawesome.io - @fontawesome
|
|||
|
|
* License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License)
|
|||
|
|
*/@-webkit-keyframes fa-spin{0%{-webkit-transform:rotate(0deg);transform:rotate(0deg)}100%{-webkit-transform:rotate(359deg);transform:rotate(359deg)}}@keyframes fa-spin{0%{-webkit-transform:rotate(0deg);transform:rotate(0deg)}100%{-webkit-transform:rotate(359deg);transform:rotate(359deg)}}</style>
|
|||
|
|
<style>@media(min-width:1200px){}@media(min-width:768px){}@media(max-width:767px){}@media(max-width:767px){}pre{white-space:pre-wrap}@media(min-width:768px){}@media(min-width:992px){}@media(min-width:1200px){}html{font-size:10px;-webkit-tap-highlight-color:transparent}body{font-family:-apple-system,"Helvetica Neue",Helvetica,Arial,"PingFang SC","Hiragino Sans GB","WenQuanYi Micro Hei","Microsoft Yahei",sans-serif;font-size:14px;line-height:1.5;color:#333;background-color:#f6f6f6;word-break:break-word}textarea{font-family:inherit;font-size:inherit;line-height:inherit}ul{padding:0}.wrap{padding-bottom:30px;position:relative}.main{background-color:#fff;border-radius:4px}.mb-20{margin-bottom:20px}.mt-10{margin-top:10px}.taglist-inline{list-style:none;padding:0;font-size:0}.taglist-inline li{padding:0;font-size:13px}.taglist-inline>li{display:inline-block;margin-right:5px}.taglist-inline>li:last-child{margin-right:0}.widget-article .quote{padding:25px;background:#f3f5f9;line-height:24px;overflow:hidden}@media(min-width:768px){}.word-wrap{word-wrap:break-word;word-break:normal}::-webkit-scrollbar{width:6px;height:6px}::-webkit-scrollbar-thumb{background-color:#e4e6eb;outline:0;border-radius:2px}::-webkit-scrollbar-track{box-shadow:none;border-radius:2px}</style>
|
|||
|
|
<style>a{text-decoration:none}a:focus,a:hover{color:#004e31;text-decoration:underline}@media(max-width:767px){}@media(max-width:767px){}.tag{display:inline-block;padding:0 8px;color:#017e66;background-color:#e7f2ed;height:24px;line-height:24px;font-weight:400;font-size:13px;text-align:center}.tag[href]:focus,.tag[href]:hover{background-color:#017e66;color:#fff;text-decoration:none}</style>
|
|||
|
|
<style>@-moz-keyframes blink{50%{background-color:transparent}}@-webkit-keyframes blink{50%{background-color:transparent}}@keyframes blink{50%{background-color:transparent}}pre code.hljs{overflow-x:auto}.hljs{color:#000}.hljs-keyword{color:#00f}.hljs-string,.hljs-title{color:#a31515}.markdown-body{color-scheme:light;--color-prettylights-syntax-comment:#6e7781;--color-prettylights-syntax-constant:#0550ae;--color-prettylights-syntax-entity:#8250df;--color-prettylights-syntax-storage-modifier-import:#24292f;--color-prettylights-syntax-entity-tag:#116329;--color-prettylights-syntax-keyword:#cf222e;--color-prettylights-syntax-string:#0a3069;--color-prettylights-syntax-variable:#953800;--color-prettylights-syntax-brackethighlighter-unmatched:#82071e;--color-prettylights-syntax-invalid-illegal-text:#f6f8fa;--color-prettylights-syntax-invalid-illegal-bg:#82071e;--color-prettylights-syntax-carriage-return-text:#f6f8fa;--color-prettylights-syntax-carriage-return-bg:#cf222e;--color-prettylights-syntax-string-regexp:#116329;--color-prettylights-syntax-markup-list:#3b2300;--color-prettylights-syntax-markup-heading:#0550ae;--color-prettylights-syntax-markup-italic:#24292f;--color-prettylights-syntax-markup-bold:#24292f;--color-prettylights-syntax-markup-deleted-text:#82071e;--color-prettylights-syntax-markup-deleted-bg:#ffebe9;--color-prettylights-syntax-markup-inserted-text:#116329;--color-prettylights-syntax-markup-inserted-bg:#dafbe1;--color-prettylights-syntax-markup-changed-text:#953800;--color-prettylights-syntax-markup-changed-bg:#ffd8b5;--color-prettylights-syntax-markup-ignored-text:#eaeef2;--color-prettylights-syntax-markup-ignored-bg:#0550ae;--color-prettylights-syntax-meta-diff-range:#8250df;--color-prettylights-syntax-brackethighlighter-angle:#57606a;--color-prettylights-syntax-sublimelinter-gutter-mark:#8c959f;--color-prettylights-syntax-constant-other-reference-link:#0a3069;--color-fg-default:#24292f;--color-fg-muted:#57606a;--color-fg-subtle:#6e7781;--color-canvas-default:#fff;--color-canvas-subtle:#f6f8fa;--color-border-default:#d0d7de;--color-border-muted:hsl(210,18%,87%);--color-neutral-muted:rgba(175,184,193,0.2);--color-accent-fg:#0969da;--color-accent-emphasis:#0969da;--color-attention-subtle:#fff8c5;--color-danger-fg:#cf222e}.markdown-body{-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%;margin:0;color:var(--color-fg-default);background-color:var(--color-canvas-default);font-family:-apple-system,BlinkMacSystemFont,"Segoe UI",Helvetica,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji";font-size:16px;line-height:1.5;word-wrap:break-word}.markdown-body a{background-color:transparent;color:var(--color-accent-fg);text-decoration:none}.markdown-body a:active,.markdown-body a:hover{outline-width:0}.markdown-body h1{margin:.67em 0;padding-bottom:.3em;font-size:2em;border-bottom:1px solid var(--color-border-muted)}.markdown-body img{border-style:none;max-width:100%;-webkit-box-sizing:content-box;box-sizing:content-box;background-color:var(--color-canvas-default)}.markdown-body ::-webkit-input-placeholder{color:inherit;opacity:.54}.markdown-body ::-webkit-file-upload-button{-webkit-appearance:button;font:inherit}.markdown-body a:hover{text-decoration:underline}.markdown-body h1,.markdown-body h2,.markdown-body h3{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.markdown-body h2{font-weight:600;padding-bottom:.3em;font-size:1.5em;border-bottom:1px solid var(--color-border-muted)}.markdown-body h3{font-weight:600;font-size:1.25em}.markdown-body ul{padding-left:2em}.markdown-body code{font-family:ui-monospace,SFMono-Regular,SF Mono,Menlo,Consolas,Liberation Mono,monospace}.markdown-body pre{font-family:ui-monospace,SFMono-Regular,SF Mono,Menlo,Consolas,Liberation Mono,monospace;word-wrap:normal}.markdown-body ::-webkit-input-placeholder{color:var(--color-fg-subtle);opacity:1}.markdown-body ::placeholder{color:var(--color-fg-subtle);opacity:1}.markdown-body::before{display:table;content:""}.markdown-body::after{display:table;clear:both;content:""}.markdown-body>*:first-child{margin-top:0 !impor
|
|||
|
|
<style>#md_view{padding:0 20px}#md_view img:hover{cursor:pointer}</style>
|
|||
|
|
<!--[if lt IE 9]>
|
|||
|
|
<script src="/static/js/html5shiv.min.js"></script>
|
|||
|
|
<script src="/static/js/respond.min.js"></script>
|
|||
|
|
<![endif]-->
|
|||
|
|
<style>html #layuicss-skinlayercss{display:none;position:absolute;width:1989px}@-webkit-keyframes bounceIn{0%{opacity:0;-webkit-transform:scale(.5);transform:scale(.5)}100%{opacity:1;-webkit-transform:scale(1);transform:scale(1)}}@keyframes bounceIn{0%{opacity:0;-webkit-transform:scale(.5);-ms-transform:scale(.5);transform:scale(.5)}100%{opacity:1;-webkit-transform:scale(1);-ms-transform:scale(1);transform:scale(1)}}@-webkit-keyframes zoomInDown{0%{opacity:0;-webkit-transform:scale(.1) translateY(-2000px);transform:scale(.1) translateY(-2000px);-webkit-animation-timing-function:ease-in-out;animation-timing-function:ease-in-out}60%{opacity:1;-webkit-transform:scale(.475) translateY(60px);transform:scale(.475) translateY(60px);-webkit-animation-timing-function:ease-out;animation-timing-function:ease-out}}@keyframes zoomInDown{0%{opacity:0;-webkit-transform:scale(.1) translateY(-2000px);-ms-transform:scale(.1) translateY(-2000px);transform:scale(.1) translateY(-2000px);-webkit-animation-timing-function:ease-in-out;animation-timing-function:ease-in-out}60%{opacity:1;-webkit-transform:scale(.475) translateY(60px);-ms-transform:scale(.475) translateY(60px);transform:scale(.475) translateY(60px);-webkit-animation-timing-function:ease-out;animation-timing-function:ease-out}}@-webkit-keyframes fadeInUpBig{0%{opacity:0;-webkit-transform:translateY(2000px);transform:translateY(2000px)}100%{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}}@keyframes fadeInUpBig{0%{opacity:0;-webkit-transform:translateY(2000px);-ms-transform:translateY(2000px);transform:translateY(2000px)}100%{opacity:1;-webkit-transform:translateY(0);-ms-transform:translateY(0);transform:translateY(0)}}@-webkit-keyframes zoomInLeft{0%{opacity:0;-webkit-transform:scale(.1) translateX(-2000px);transform:scale(.1) translateX(-2000px);-webkit-animation-timing-function:ease-in-out;animation-timing-function:ease-in-out}60%{opacity:1;-webkit-transform:scale(.475) translateX(48px);transform:scale(.475) translateX(48px);-webkit-animation-timing-function:ease-out;animation-timing-function:ease-out}}@keyframes zoomInLeft{0%{opacity:0;-webkit-transform:scale(.1) translateX(-2000px);-ms-transform:scale(.1) translateX(-2000px);transform:scale(.1) translateX(-2000px);-webkit-animation-timing-function:ease-in-out;animation-timing-function:ease-in-out}60%{opacity:1;-webkit-transform:scale(.475) translateX(48px);-ms-transform:scale(.475) translateX(48px);transform:scale(.475) translateX(48px);-webkit-animation-timing-function:ease-out;animation-timing-function:ease-out}}@-webkit-keyframes rollIn{0%{opacity:0;-webkit-transform:translateX(-100%) rotate(-120deg);transform:translateX(-100%) rotate(-120deg)}100%{opacity:1;-webkit-transform:translateX(0) rotate(0);transform:translateX(0) rotate(0)}}@keyframes rollIn{0%{opacity:0;-webkit-transform:translateX(-100%) rotate(-120deg);-ms-transform:translateX(-100%) rotate(-120deg);transform:translateX(-100%) rotate(-120deg)}100%{opacity:1;-webkit-transform:translateX(0) rotate(0);-ms-transform:translateX(0) rotate(0);transform:translateX(0) rotate(0)}}@keyframes fadeIn{0%{opacity:0}100%{opacity:1}}@-webkit-keyframes shake{0%,100%{-webkit-transform:translateX(0);transform:translateX(0)}10%,30%,50%,70%,90%{-webkit-transform:translateX(-10px);transform:translateX(-10px)}20%,40%,60%,80%{-webkit-transform:translateX(10px);transform:translateX(10px)}}@keyframes shake{0%,100%{-webkit-transform:translateX(0);-ms-transform:translateX(0);transform:translateX(0)}10%,30%,50%,70%,90%{-webkit-transform:translateX(-10px);-ms-transform:translateX(-10px);transform:translateX(-10px)}20%,40%,60%,80%{-webkit-transform:translateX(10px);-ms-transform:translateX(10px);transform:translateX(10px)}}@-webkit-keyframes fadeIn{0%{opacity:0}100%{opacity:1}}@-webkit-keyframes bounceOut{100%{opacity:0;-webkit-transform:scale(.7);transform:scale(.7)}30%{-webkit-transform:scale(1.05);transform:scale(1.05)}0%{-webkit-transform:scale(1);transform:scale(1)}}@keyframes bounceOut{100%{opacity:0;-webkit-transform:scale(.7);-ms-transform:scale(.7);transform:scale(.
|
|||
|
|
* Waves v0.7.5
|
|||
|
|
* http://fian.my.id/Waves
|
|||
|
|
*
|
|||
|
|
* Copyright 2014-2016 Alfiana E. Sibuea and other contributors
|
|||
|
|
* Released under the MIT license
|
|||
|
|
* https://github.com/fians/Waves/blob/master/LICENSE
|
|||
|
|
*/</style><style>@media(max-height:620px){}@media(max-height:783px){}@-webkit-keyframes srFadeInUp{0%{opacity:0;-webkit-transform:translateY(100px);transform:translateY(100px)}to{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}}@keyframes srFadeInUp{0%{opacity:0;-webkit-transform:translateY(100px);transform:translateY(100px)}to{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}}@-webkit-keyframes srFadeInDown{0%{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}to{opacity:0;-webkit-transform:translateY(100px);transform:translateY(100px)}}@keyframes srFadeInDown{0%{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}to{opacity:0;-webkit-transform:translateY(100px);transform:translateY(100px)}}</style><style>@-webkit-keyframes fadeOutUp{0%{opacity:1}to{margin-top:0;padding:0;height:0;min-height:0;opacity:0;-webkit-transform:scaleY(0);transform:scaleY(0)}}@keyframes fadeOutUp{0%{opacity:1}to{margin-top:0;padding:0;height:0;min-height:0;opacity:0;-webkit-transform:scaleY(0);transform:scaleY(0)}}@media(pointer:coarse){}</style><style>:root{--sr-annote-color-0:#b4d9fb;--sr-annote-color-1:#ffeb3b;--sr-annote-color-2:#a2e9f2;--sr-annote-color-3:#a1e0ff;--sr-annote-color-4:#a8ea68;--sr-annote-color-5:#ffb7da}</style><style>@-webkit-keyframes sr-annote-slideInUp{0%{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0);visibility:visible}to{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}}@keyframes sr-annote-slideInUp{0%{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0);visibility:visible}to{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}}@-webkit-keyframes sr-annote-slideInDown{0%{opacity:1;visibility:visible}to{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}}@keyframes sr-annote-slideInDown{0%{opacity:1;visibility:visible}to{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}}</style><style>@-webkit-keyframes fadeInUp{0%{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}to{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}}@keyframes fadeInUp{0%{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}to{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}}@-webkit-keyframes fadeOutDown{0%{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}to{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}}@keyframes fadeOutDown{0%{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}to{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}}@-webkit-keyframes scaleAnimation{0%{opacity:0;-webkit-transform:scale(1.5);transform:scale(1.5)}to{opacity:1;-webkit-transform:scale(1);transform:scale(1)}}@keyframes scaleAnimation{0%{opacity:0;-webkit-transform:scale(1.5);transform:scale(1.5)}to{opacity:1;-webkit-transform:scale(1);transform:scale(1)}}@-webkit-keyframes fadeOut{0%{opacity:1}to{opacity:0}}@keyframes fadeOut{0%{opacity:1}to{opacity:0}}@-webkit-keyframes fadeIn{0%{opacity:0}to{opacity:1}}@keyframes fadeIn{0%{opacity:0}to{opacity:1}}@-webkit-keyframes swing{20%{-webkit-transform:rotate(15deg);transform:rotate(15deg)}40%{-webkit-transform:rotate(-10deg);transform:rotate(-10deg)}60%{-webkit-transform:rotate(5deg);transform:rotate(5deg)}80%{-webkit-transform:rotate(-5deg);transform:rotate(-5deg)}to{-webkit-transform:rotate(0deg);transform:rotate(0deg)}}@keyframes swing{20%{-webkit-transform:rotate(15deg);transform:rotate(15deg)}40%{-webkit-transform:rotate(-10deg);transform:rotate(-10deg)}60%{-webkit-transform:rotate(5deg);transform:rotate(5deg)}80%{-webkit-transform:rotate(-5deg);transform:rotate(-5deg)}to{-webkit-transform:rotate(0deg);transform:rotate(0deg)}}</style><style>@-webkit-keyframes fadeInUp{0%{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}to{opacity:1;-webkit-transform:translateZ(0);transform:transl
|
|||
|
|
* Font Awesome Free 5.14.0 by @fontawesome - https://fontawesome.com
|
|||
|
|
* License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License)
|
|||
|
|
*/</style><style>/*!
|
|||
|
|
* Font Awesome Free 5.14.0 by @fontawesome - https://fontawesome.com
|
|||
|
|
* License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License)
|
|||
|
|
*/</style><style>/*!
|
|||
|
|
* Font Awesome Free 5.14.0 by @fontawesome - https://fontawesome.com
|
|||
|
|
* License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License)
|
|||
|
|
*/</style><style>/*!
|
|||
|
|
* Font Awesome Free 5.14.0 by @fontawesome - https://fontawesome.com
|
|||
|
|
* License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License)
|
|||
|
|
*/@-webkit-keyframes fa-spin{0%{-webkit-transform:rotate(0deg);transform:rotate(0deg)}to{-webkit-transform:rotate(1turn);transform:rotate(1turn)}}@keyframes fa-spin{0%{-webkit-transform:rotate(0deg);transform:rotate(0deg)}to{-webkit-transform:rotate(1turn);transform:rotate(1turn)}}</style><meta name=referrer content=no-referrer><link rel=icon href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAIEAAACBCAMAAADQfiliAAAAY1BMVEVHcEzNAA/NAA8GNpMGNpPNAA8GNpMGNpPNAA8GNpPNAA/NAA/NAA8GNpMGNpMGNpMGNpMGNpMGNpMGNpMGNpPNAA/NAA/NAA/NAA/NAA8GNpPNAA/NAA/NAA8GNpMGNpPNAA8QvAnvAAAAH3RSTlMAEOCgEKAgQEDwYPAgwIDg0DBgcLCwwFAw0FCAcJCQbb0zfgAAAAlwSFlzAAALEgAACxIB0t1+/AAABD9JREFUeJztmt12qjAQhQEFiiIoakErhvd/yrOACEnIJDFM4OLw3bWFld2ZzUz+vI3/no2NjSXZF2uHO4tWFrA/rSzA211XFhCRtZNwO68sICZrJ+G0dhJisnYS8rWTUJC1k5CvnYSMLJCEMoX/tk+cJ6Gqj4Hizxlxm4SqDpqm+YMfiBKXSUhfj6ZDkYQdcZYE/zN809zhpyLiKAn+4d6MlPCDN+IkCWXYsCh8GBNCyAk5C2V4bHgUPjyRjmyPNnxvfQHYh09CyZ8ow6ey4ZU+zMnA/FSko/UFYB8WhCHJ5gzvH36B4VU+3OeEI4+th7+Dwyt9mBGRm00qptYX8KE325YkYpGKH/XwTROCr05D0PJ1JrQKfqA3I6kAfAWwD3cLKXhBLwIhwFcA+vC0kALQhzEgAF0B6EMoBNgKQB8+IQHYCkAf5kspgHxY8KOenSmAfMi1pNs1KpwpgHw41ON8185MLs6yAPmQtqTz9cL+6ELBAXjnTUhyK4apIf9hYio4Aj6M8jc7zNvdtwD3ZRaxMmAqqEzev4jTFEQFD5PX92fiTgHkQ46bKABRAeRDjutEAKICEx/KWjSeAgMfyibLeApMfDhxIaoCAx/Kp6pYCgx8WEgFoCnQ+3BSipAVKLauesRVK7aCX+1701KEq0DmQy4s8jUjnoKj+JR/uB9ZVeBqAUtBzT1S/T2ExESAC/EUjAH3y5DuLTFzxmlDxFbw+XfT133yOw9eNfdcvlXgQz4s+Y01JgRAKaJ8K8DzZD5MD3dha4epUBelABQFD8m23ugMsBT1JN8rgLfx5CEAF809FgfgoYEApk+91QLI7nsFLwMF45YivGqnWOz0azfT2BBADXHk649RakWRYRdBWYo6LIzoecot3YZbwCpLka0NPO+gUzC0JMncXMTqOoysKkpDoGiIQxLszlo03+OnHkvn5hhJ0H0NQ0vSutDyS2iBDle4EOhKEbEriD0qL34OmdQNkWJ7xqIMAm1J+lI0JwQqJ9CWpC9FZFYIFFWJhgCcm7PcZgjwUuCsibYkeG7OYFkLPsg7JG1JBqXIthwySCcqfQhUc/ORWTlo8SV5CPoQGLkwn3/2XU0V9C1J3xBbE9hWQ5ZJXepbklEpmm2CnloWAs3cnDLr0JuBb5JdS9LMzSmWLVEnoWtJmrk5tgBOQhcCo1KEKYCVUJnMzfEFjBJC04b4RhYwfJSpYUN0cVO7PNIQGJSiZE5Dhqn7lmQwNz87upAWdC3JoBTt8O5BcVRdCPRz8wTnEpSEulsoaj9E7MtoDEHfki7Kcpg4vJlaDQvFAu4JVveOTKnHheI+k5vB+u6VGQG3dympCfPun+kphX31SJyoI15FlBNOjvxj1pI799fDj5LbiB8NyXuB6+ml/HSl1ZA7j39HCB0wxc4qoECgPWByTKW4lrsMfybH3U4BL4FtbGxsbKDhed4/toAFv6EfLCYAAAAASUVORK5CYII="><link rel=canonical href=https://forum.butian.net/share/2916><meta http-equiv=content-security-policy content="default-src 'none'; font-src 'self' data:; img-src 'self' data:; style-src 'unsafe-inline'; media-src 'self' data:; script-src 'unsafe-inline' data:; object-src 'self' data:; frame-src 'self' data:;"><style>img[src="data:,"],source[src="data:,"]{display:none!important}</style></head>
|
|||
|
|
<body>
|
|||
|
|
<div class="global-nav mb-50" style="display:none !important">
|
|||
|
|
|
|||
|
|
</div>
|
|||
|
|
<div class="top-alert mt-60 clearfix text-center" style="display:none !important">
|
|||
|
|
<!--[if lt IE 9]>
|
|||
|
|
<div class="alert alert-danger topframe" role="alert">你的浏览器实在<strong>太太太太太太旧了</strong>,放学别走,升级完浏览器再说
|
|||
|
|
<a target="_blank" class="alert-link" href="http://browsehappy.com">立即升级</a>
|
|||
|
|
</div>
|
|||
|
|
<![endif]-->
|
|||
|
|
|
|||
|
|
</div>
|
|||
|
|
<div class=wrap>
|
|||
|
|
<div class=container>
|
|||
|
|
<div class="row mt-10">
|
|||
|
|
<div class="col-xs-12 col-md-9 main">
|
|||
|
|
<div class=widget-article>
|
|||
|
|
<h3 class="title word-wrap">Ognl小trick</h3>
|
|||
|
|
<ul class=taglist-inline>
|
|||
|
|
<li class=tagPopup><a class=tag href=https://forum.butian.net/topic/48>漏洞分析</a></li>
|
|||
|
|
</ul>
|
|||
|
|
<div class="content mt-10">
|
|||
|
|
<div class="quote mb-20">
|
|||
|
|
小trick一则
|
|||
|
|
</div>
|
|||
|
|
<textarea id=md_view_content style=display:none>OGNL小trick
|
|||
|
|
==========
|
|||
|
|
|
|||
|
|
什么是OGNL表达式
|
|||
|
|
----------
|
|||
|
|
|
|||
|
|
OGNL 是 Object-Graph Navigation Language(对象图导航语言)OGNL 最初是作为 WebWork 框架的一部分开发的,现在已成为 Apache Struts2 的一个关键组件(这也就是为什么Struts2中的OGNL表达式漏洞这么多),并被用于其他各种 Java 框架。
|
|||
|
|
|
|||
|
|
对象图导航
|
|||
|
|
-----
|
|||
|
|
|
|||
|
|
OGNL的核心就在于`对象图导航`这个概念,其实和数据结构中的图和很相似,再OGNL或者面向对象编程语言中:以引用作为边,对象作为节点,对象可以包含其他对象(组合)或与其他对象产生关联(聚合),从而在更大的对象图中形成子图。
|
|||
|
|
以一段简单的代码作为解释:
|
|||
|
|
|
|||
|
|
```java
|
|||
|
|
public class ObjectGraphDemo {
|
|||
|
|
|
|||
|
|
class People{
|
|||
|
|
Car car;
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
class Car{
|
|||
|
|
String carName = "BMW";
|
|||
|
|
House house;
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
class House{
|
|||
|
|
String houseName = "MyHouse";
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
public void printPeopleInfo(){
|
|||
|
|
People people = new People();
|
|||
|
|
System.out.println(people.car.carName);
|
|||
|
|
System.out.println(people.car.house.houseName);
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
}
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
我们设定好了三个类,分别叫`People`、`Car`还有`House`,通过这三个类的引用,我们就可以体会到以引用作为边,对象作为节点的这么一种设计理念。
|
|||
|
|
|
|||
|
|
OGNL中都有什么
|
|||
|
|
---------
|
|||
|
|
|
|||
|
|
想知道OGNL都有什么,不如直接点进去看看,我们都知道再`ognl.Ognl.getValue()`方法处会触发RCE漏洞,那么也就是看在这里`getValue`方法接受了什么参数(其实更简单的办法是去问问GPT):
|
|||
|
|
这里我将所有的`getValue`全都拷贝过来了,看起来很多其实全都是重载方法进行互相调用,通过看这些代码发现必不可少的三样东西是`expression`、`context`和`root`,这也就是我们说的OGNL的三要素,其实这些东西网上很多人都分析过了,之所以这么啰嗦还是为了自己能够更好地理解。
|
|||
|
|
|
|||
|
|
```java
|
|||
|
|
public static Object getValue(Object tree, Map context, Object root) throws OgnlException {
|
|||
|
|
return getValue((Object)tree, (Map)context, root, (Class)null);
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
public static Object getValue(Object tree, Map context, Object root, Class resultType) throws OgnlException {
|
|||
|
|
OgnlContext ognlContext = (OgnlContext)addDefaultContext(root, context);
|
|||
|
|
Node node = (Node)tree;
|
|||
|
|
Object result;
|
|||
|
|
if (node.getAccessor() != null) {
|
|||
|
|
result = node.getAccessor().get(ognlContext, root);
|
|||
|
|
} else {
|
|||
|
|
result = node.getValue(ognlContext, root);
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
if (resultType != null) {
|
|||
|
|
result = getTypeConverter(context).convertValue(context, root, (Member)null, (String)null, result, resultType);
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
return result;
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
public static Object getValue(ExpressionAccessor expression, OgnlContext context, Object root) {
|
|||
|
|
return expression.get(context, root);
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
public static Object getValue(ExpressionAccessor expression, OgnlContext context, Object root, Class resultType) {
|
|||
|
|
return getTypeConverter(context).convertValue(context, root, (Member)null, (String)null, expression.get(context, root), resultType);
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
public static Object getValue(String expression, Map context, Object root) throws OgnlException {
|
|||
|
|
return getValue((String)expression, (Map)context, root, (Class)null);
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
public static Object getValue(String expression, Map context, Object root, Class resultType) throws OgnlException {
|
|||
|
|
return getValue(parseExpression(expression), context, root, resultType);
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
public static Object getValue(Object tree, Object root) throws OgnlException {
|
|||
|
|
return getValue((Object)tree, (Object)root, (Class)null);
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
public static Object getValue(Object tree, Object root, Class resultType) throws OgnlException {
|
|||
|
|
return getValue(tree, createDefaultContext(root), root, resultType);
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
public static Object getValue(String expression, Object root) throws OgnlException {
|
|||
|
|
return getValue((String)expression, (Object)root, (Class)null);
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
public static Object getValue(String expression, Object root, Class resultType) throws OgnlException {
|
|||
|
|
return getValue(parseExpression(expression), root, resultType);
|
|||
|
|
}
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
那么接下来逐步了解OGNL三要素是什么。
|
|||
|
|
|
|||
|
|
### expression
|
|||
|
|
|
|||
|
|
表达式是OGNL的核心,OGNL的内容都是从表达式出发的,表达式规定了程序在解析后需要做什么操作。
|
|||
|
|
|
|||
|
|
### root
|
|||
|
|
|
|||
|
|
root对象在OGNL中可以看作是一个节点,当表达式被解析后对谁进行操作,这其中的“谁”就是root。
|
|||
|
|
|
|||
|
|
### context
|
|||
|
|
|
|||
|
|
context上下文,是一个Map类型的数据结构,包含OGNL表达式执行时候的上下文(root也在其中)。
|
|||
|
|
为了更好地了解,我在demo中提供了一个setinfo接口,可以方便观察root和非root节点在使用OGNL表达式时候的差异。
|
|||
|
|
|
|||
|
|
OGNL的使用
|
|||
|
|
-------
|
|||
|
|
|
|||
|
|
### 基本使用
|
|||
|
|
|
|||
|
|
我在demo中留了一个例子来测试OGNL表达式,那么接下来就来熟悉一下OGNL表达式的用法吧:
|
|||
|
|
OGNL的语法和Java很像,基本上熟悉了Java就能简单使用OGNL表达式。
|
|||
|
|
OGNL中可以使用的操作符+, -, \*, /, ++, --, ==, !=, =,mod, in, not in
|
|||
|
|
对于非`root`自定义对象,我们可以通过`.`来链接,就和Java中一样,比如我要访问`people1`中的`car`的`carName`字段,只需要使用`#people1.car.carName`就可以访问了。
|
|||
|
|
对于`root`对象也一样,只不过因为`root`只有一个,所以不需要加`root`的名字就可以。
|
|||
|
|
|
|||
|
|
### 引用静态资源
|
|||
|
|
|
|||
|
|
要引用类的静态方法和字段,他们的表达方式是一样的`@class@member`或者`@class@method(args)`。
|
|||
|
|
比如我们最喜欢的弹计算器操作,其实就可以写成`@java.lang.Runtime@getRuntime().exec("calc")`。
|
|||
|
|
通过`@java.lang.Runtime`访问`Runtime`类,然后通过`@getRuntime().exec("calc")`拿到`Runtime`实例并执行命令。
|
|||
|
|
|
|||
|
|
|
|||
|
|
### 数组、Map、容器
|
|||
|
|
|
|||
|
|
OGNL支持对数组、Map、容器进行操作,如我在`People`类中新增了一个数组:
|
|||
|
|
|
|||
|
|
```java
|
|||
|
|
public static class People {
|
|||
|
|
public Car car = new Car();
|
|||
|
|
public String[] stratt = new String[]{"1", "2", "3"};
|
|||
|
|
}
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
同样的对于前文的`root`和`非root`节点,只需要分别用以下表达式去访问
|
|||
|
|
root:stratt\[1\]读取
|
|||
|
|
|
|||
|
|
非root:#people1.stratt\[2\]
|
|||
|
|
|
|||
|
|
也可以用Java中类似的方式新建数组并且访问:
|
|||
|
|
`new java.lang.String[]{"a","b","c"}[1]`
|
|||
|
|
`new String[]{"a","b","c"}[2]`
|
|||
|
|
这两种方法都是可以的。
|
|||
|
|
|
|||
|
|
Map同理,可以使用key的值来直接访问value
|
|||
|
|
`#{"A":"a","B":"b","C":"c"}["B"]`
|
|||
|
|
|
|||
|
|
|
|||
|
|
### 选择和投影
|
|||
|
|
|
|||
|
|
这段就作为一个了解吧,我直接复制了milktea师傅的文章中的一部分:
|
|||
|
|
OGNL支持类似数据库中的投影(projection) 和选择(selection)。
|
|||
|
|
投影就是选出集合中每个元素的相同属性组成新的集合,类似于关系数据库的字段操作。投影操作语法为 collection.{XXX},其中XXX是这个集合中每个元素的公共属性。
|
|||
|
|
例如:`group.userList.{username}`将获得某个`group`中的所有`user`的`name`的列表。
|
|||
|
|
选择就是过滤满足`selection`条件的集合元素,类似于关系数据库的纪录操作。选择操作的语法为:`collection.{X YYY}`,其中`X`是一个选择操作符,后面则是选择用的逻辑表达式。而选择操作符有三种:
|
|||
|
|
|
|||
|
|
- ?选择满足条件的所有元素
|
|||
|
|
- ^选择满足条件的第一个元素
|
|||
|
|
- $选择满足条件的最后一个元素
|
|||
|
|
|
|||
|
|
例如:`group.userList.{? #txxx.xxx != null}`将获得某个`group`中`user`的`name`不为空的`user`的列表。
|
|||
|
|
|
|||
|
|
Invocation.class
|
|||
|
|
----------------
|
|||
|
|
|
|||
|
|
那天在公司审代码,发现mybatis中频繁使用了`setAccessable()`,跟进去发现了这么一个类,正好也是闲的,就用它写了个弹计算器,心想也没啥用。
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
配合ognl
|
|||
|
|
------
|
|||
|
|
|
|||
|
|
后来闲的没事突然想这东西能不能写进ognl里面然后绕过反射的限制呢?好巧不巧第二天Umbrella让我助他SSTI,这个trick就有用了么这不。
|
|||
|
|
|
|||
|
|
在ognl中通过forname()可以判断有没有这个类,也就是判断用没用mybatis。
|
|||
|
|
图不放了,遇到有可能的环境大家自行查看就好。
|
|||
|
|
|
|||
|
|
有的那么就尝试构造个表达式获取一下runtime实例,绕过防护试试。
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
线上同样不放图了,被警告了,使用的话是可以成功的,那就试试直接r呢?
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
具体描述和测试用例放在https://github.com/springkill/Ognl-Test 感兴趣自取。</textarea>
|
|||
|
|
<div id=layer-photos-demo>
|
|||
|
|
<div id=md_view><div class=markdown-body><h1 blockindex=0>OGNL小trick</h1>
|
|||
|
|
<h2 blockindex=1>什么是OGNL表达式</h2>
|
|||
|
|
<p blockindex=2>OGNL 是 Object-Graph Navigation Language(对象图导航语言)OGNL 最初是作为 WebWork 框架的一部分开发的,现在已成为 Apache Struts2 的一个关键组件(这也就是为什么Struts2中的OGNL表达式漏洞这么多),并被用于其他各种 Java 框架。</p>
|
|||
|
|
<h2 blockindex=3>对象图导航</h2>
|
|||
|
|
<p blockindex=4>OGNL的核心就在于<code>对象图导航</code>这个概念,其实和数据结构中的图和很相似,再OGNL或者面向对象编程语言中:以引用作为边,对象作为节点,对象可以包含其他对象(组合)或与其他对象产生关联(聚合),从而在更大的对象图中形成子图。<br>
|
|||
|
|
以一段简单的代码作为解释:</p>
|
|||
|
|
<pre blockindex=5><code class="hljs language-java"><span class=hljs-keyword>public</span> <span class=hljs-class><span class=hljs-keyword>class</span> <span class=hljs-title>ObjectGraphDemo</span> </span>{
|
|||
|
|
|
|||
|
|
<span class=hljs-class><span class=hljs-keyword>class</span> <span class=hljs-title>People</span></span>{
|
|||
|
|
Car car;
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
<span class=hljs-class><span class=hljs-keyword>class</span> <span class=hljs-title>Car</span></span>{
|
|||
|
|
String carName = <span class=hljs-string>"BMW"</span>;
|
|||
|
|
House house;
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
<span class=hljs-class><span class=hljs-keyword>class</span> <span class=hljs-title>House</span></span>{
|
|||
|
|
String houseName = <span class=hljs-string>"MyHouse"</span>;
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
<span class=hljs-function><span class=hljs-keyword>public</span> <span class=hljs-keyword>void</span> <span class=hljs-title>printPeopleInfo</span><span class=hljs-params>()</span></span>{
|
|||
|
|
People people = <span class=hljs-keyword>new</span> People();
|
|||
|
|
System.out.println(people.car.carName);
|
|||
|
|
System.out.println(people.car.house.houseName);
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
}
|
|||
|
|
</code></pre>
|
|||
|
|
<p blockindex=6>我们设定好了三个类,分别叫<code>People</code>、<code>Car</code>还有<code>House</code>,通过这三个类的引用,我们就可以体会到以引用作为边,对象作为节点的这么一种设计理念。</p>
|
|||
|
|
<h2 blockindex=7>OGNL中都有什么</h2>
|
|||
|
|
<p blockindex=8>想知道OGNL都有什么,不如直接点进去看看,我们都知道再<code>ognl.Ognl.getValue()</code>方法处会触发RCE漏洞,那么也就是看在这里<code>getValue</code>方法接受了什么参数(其实更简单的办法是去问问GPT):<br>
|
|||
|
|
这里我将所有的<code>getValue</code>全都拷贝过来了,看起来很多其实全都是重载方法进行互相调用,通过看这些代码发现必不可少的三样东西是<code>expression</code>、<code>context</code>和<code>root</code>,这也就是我们说的OGNL的三要素,其实这些东西网上很多人都分析过了,之所以这么啰嗦还是为了自己能够更好地理解。</p>
|
|||
|
|
<pre blockindex=9><code class="hljs language-java"><span class=hljs-function><span class=hljs-keyword>public</span> <span class=hljs-keyword>static</span> Object <span class=hljs-title>getValue</span><span class=hljs-params>(Object tree, Map context, Object root)</span> <span class=hljs-keyword>throws</span> OgnlException </span>{
|
|||
|
|
<span class=hljs-keyword>return</span> getValue((Object)tree, (Map)context, root, (Class)<span class=hljs-keyword>null</span>);
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
<span class=hljs-function><span class=hljs-keyword>public</span> <span class=hljs-keyword>static</span> Object <span class=hljs-title>getValue</span><span class=hljs-params>(Object tree, Map context, Object root, Class resultType)</span> <span class=hljs-keyword>throws</span> OgnlException </span>{
|
|||
|
|
OgnlContext ognlContext = (OgnlContext)addDefaultContext(root, context);
|
|||
|
|
Node node = (Node)tree;
|
|||
|
|
Object result;
|
|||
|
|
<span class=hljs-keyword>if</span> (node.getAccessor() != <span class=hljs-keyword>null</span>) {
|
|||
|
|
result = node.getAccessor().get(ognlContext, root);
|
|||
|
|
} <span class=hljs-keyword>else</span> {
|
|||
|
|
result = node.getValue(ognlContext, root);
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
<span class=hljs-keyword>if</span> (resultType != <span class=hljs-keyword>null</span>) {
|
|||
|
|
result = getTypeConverter(context).convertValue(context, root, (Member)<span class=hljs-keyword>null</span>, (String)<span class=hljs-keyword>null</span>, result, resultType);
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
<span class=hljs-keyword>return</span> result;
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
<span class=hljs-function><span class=hljs-keyword>public</span> <span class=hljs-keyword>static</span> Object <span class=hljs-title>getValue</span><span class=hljs-params>(ExpressionAccessor expression, OgnlContext context, Object root)</span> </span>{
|
|||
|
|
<span class=hljs-keyword>return</span> expression.get(context, root);
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
<span class=hljs-function><span class=hljs-keyword>public</span> <span class=hljs-keyword>static</span> Object <span class=hljs-title>getValue</span><span class=hljs-params>(ExpressionAccessor expression, OgnlContext context, Object root, Class resultType)</span> </span>{
|
|||
|
|
<span class=hljs-keyword>return</span> getTypeConverter(context).convertValue(context, root, (Member)<span class=hljs-keyword>null</span>, (String)<span class=hljs-keyword>null</span>, expression.get(context, root), resultType);
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
<span class=hljs-function><span class=hljs-keyword>public</span> <span class=hljs-keyword>static</span> Object <span class=hljs-title>getValue</span><span class=hljs-params>(String expression, Map context, Object root)</span> <span class=hljs-keyword>throws</span> OgnlException </span>{
|
|||
|
|
<span class=hljs-keyword>return</span> getValue((String)expression, (Map)context, root, (Class)<span class=hljs-keyword>null</span>);
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
<span class=hljs-function><span class=hljs-keyword>public</span> <span class=hljs-keyword>static</span> Object <span class=hljs-title>getValue</span><span class=hljs-params>(String expression, Map context, Object root, Class resultType)</span> <span class=hljs-keyword>throws</span> OgnlException </span>{
|
|||
|
|
<span class=hljs-keyword>return</span> getValue(parseExpression(expression), context, root, resultType);
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
<span class=hljs-function><span class=hljs-keyword>public</span> <span class=hljs-keyword>static</span> Object <span class=hljs-title>getValue</span><span class=hljs-params>(Object tree, Object root)</span> <span class=hljs-keyword>throws</span> OgnlException </span>{
|
|||
|
|
<span class=hljs-keyword>return</span> getValue((Object)tree, (Object)root, (Class)<span class=hljs-keyword>null</span>);
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
<span class=hljs-function><span class=hljs-keyword>public</span> <span class=hljs-keyword>static</span> Object <span class=hljs-title>getValue</span><span class=hljs-params>(Object tree, Object root, Class resultType)</span> <span class=hljs-keyword>throws</span> OgnlException </span>{
|
|||
|
|
<span class=hljs-keyword>return</span> getValue(tree, createDefaultContext(root), root, resultType);
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
<span class=hljs-function><span class=hljs-keyword>public</span> <span class=hljs-keyword>static</span> Object <span class=hljs-title>getValue</span><span class=hljs-params>(String expression, Object root)</span> <span class=hljs-keyword>throws</span> OgnlException </span>{
|
|||
|
|
<span class=hljs-keyword>return</span> getValue((String)expression, (Object)root, (Class)<span class=hljs-keyword>null</span>);
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
<span class=hljs-function><span class=hljs-keyword>public</span> <span class=hljs-keyword>static</span> Object <span class=hljs-title>getValue</span><span class=hljs-params>(String expression, Object root, Class resultType)</span> <span class=hljs-keyword>throws</span> OgnlException </span>{
|
|||
|
|
<span class=hljs-keyword>return</span> getValue(parseExpression(expression), root, resultType);
|
|||
|
|
}
|
|||
|
|
</code></pre>
|
|||
|
|
<p blockindex=10>那么接下来逐步了解OGNL三要素是什么。</p>
|
|||
|
|
<h3 blockindex=11>expression</h3>
|
|||
|
|
<p blockindex=12>表达式是OGNL的核心,OGNL的内容都是从表达式出发的,表达式规定了程序在解析后需要做什么操作。</p>
|
|||
|
|
<h3 blockindex=13>root</h3>
|
|||
|
|
<p blockindex=14>root对象在OGNL中可以看作是一个节点,当表达式被解析后对谁进行操作,这其中的“谁”就是root。</p>
|
|||
|
|
<h3 blockindex=15>context</h3>
|
|||
|
|
<p blockindex=16>context上下文,是一个Map类型的数据结构,包含OGNL表达式执行时候的上下文(root也在其中)。<br>
|
|||
|
|
为了更好地了解,我在demo中提供了一个setinfo接口,可以方便观察root和非root节点在使用OGNL表达式时候的差异。</p>
|
|||
|
|
<h2 blockindex=17>OGNL的使用</h2>
|
|||
|
|
<h3 blockindex=18>基本使用</h3>
|
|||
|
|
<p blockindex=19>我在demo中留了一个例子来测试OGNL表达式,那么接下来就来熟悉一下OGNL表达式的用法吧:<br>
|
|||
|
|
OGNL的语法和Java很像,基本上熟悉了Java就能简单使用OGNL表达式。<br>
|
|||
|
|
OGNL中可以使用的操作符+, -, *, /, ++, --, ==, !=, =,mod, in, not in<br>
|
|||
|
|
对于非<code>root</code>自定义对象,我们可以通过<code>.</code>来链接,就和Java中一样,比如我要访问<code>people1</code>中的<code>car</code>的<code>carName</code>字段,只需要使用<code>#people1.car.carName</code>就可以访问了。<br>
|
|||
|
|
对于<code>root</code>对象也一样,只不过因为<code>root</code>只有一个,所以不需要加<code>root</code>的名字就可以。</p>
|
|||
|
|
<h3 blockindex=20>引用静态资源</h3>
|
|||
|
|
<p blockindex=21>要引用类的静态方法和字段,他们的表达方式是一样的<code>@class@member</code>或者<code>@class@method(args)</code>。<br>
|
|||
|
|
比如我们最喜欢的弹计算器操作,其实就可以写成<code>@java.lang.Runtime@getRuntime().exec("calc")</code>。<br>
|
|||
|
|
通过<code>@java.lang.Runtime</code>访问<code>Runtime</code>类,然后通过<code>@getRuntime().exec("calc")</code>拿到<code>Runtime</code>实例并执行命令。<br>
|
|||
|
|
<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAvMAAAIbCAYAAABmEhE4AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdd3wUZf7A8c9sSe+FFBLKJgawo3T17kRRsUuzoJ4KKV6zUcVyFqSrp3dHEorlRE8EDs87G6J3egIBFQs/lYXdAAlJYJPsbkjdNr8/dlM2fZWq3/frldcLdp+deeZ5nnnmmZnvPKMMGJipajQajiVFUXC5XOh0OlRVPabrEkIIIYQQ4udCc6wH8gCqqspAXgghhBBCiKPs2I/kfWQgL4QQQgghxNF13AbzQgghhBBCiKNLBvNCCCGEEEKcomQwL4QQQgghxClK19UXLpeLhvp6PB4Vh8MJQFCQHo1GISwsDK2uy58KIYQQQgghjoNOR+R1tXVoNRquvv4G0tL7kdK3LwDlpaWUHDjAu+/8G5ochIWHBbAqI+UmaCAdQ0bo0ch790qMkJ6FGTAc73V3yUKjVaHG5b0h4tKFo4kNJrlNCk9NMZVN0b7/hVCbGIahzfdOeylWR1iX3+MwYrMn4PD9tzYiDkOnm+zNS5k2DkPUsbhB41u+JgZDdMdm5t3OpI7592OkzpLAoS634QfwKx89tdGRGIKO0rJPCr4yC445RvXak7ZtvGP5Ou2llCipXeetwcjh2oSO7babdt27tnS0Hev9pxfalYlXJ33CMdH9/n20tO0Pa9u36QYjZY39O/ShrXz7QlBUuzx6P6/z/a/Dco8J/76/Wdf981HWYORwbcpx6e+c9lJKSCadCiyexG7q5wRzGLHZU6iOjsQQ5G0T9mA9YU34Pvtxi/fUFFPhTu3V9jenjdFYqCDZ216PY52JU59iyMjym2amouwQF/zyIibfNJWoqEg+215ERVk5AMmpKQwbOQq71cqal1/gi8++oE9SYi9WY6Tc9DgfNz7M2bueIHjYimM7qC4xwqsmTBNhfeZ4JpluZcexXrffyUNnLBwxJXHNwvsZEauioqBYd7B4zr+pyIggGXCajARNW8yskTF4PKBRilmbW8DmjAQMQJPJyODZhUwxqHhUpcP31Bgxx2SzcOYIYrwLwLw2h8VfZWGI8s9LY1lfxj92H0OKlzNjne0oHMzaDm6qaLRmcM2DeZxXuZ7clbv9DqaeGiPh1y3mDyOP8OYDL/B2p4MPI3WWq7lr6XWwcS4LvjwKBz2HEXNYHotnnE+UWwXFyvann2B1fepPpLNsLbOYz/KZ/Q/7cR5o+tr4ogcYGaOCYqNo2eMt5essMzLo/he42vY8966t6Zi3BiPmM+eSP2kg+zY+yMLmOu+mXQ+gmOgbnuI3w+xsnPEi7xy3gayBq+feTebe5czacLzLGe9AJD6PmXnnEo2CAkBzn/AcmzP6HtVy8B+YeLf/qjl3M8y2kdzCb4/JgN5TakR7q7c/VFGwFf2JORsaMcRpfG3lYVaNt/LcE2+xp8OAycgR0xXcWTARw743yVvRnEcjZtPlzC6cxECPBxQF6/ZnmPuKE0Pa0arD9id6vvKalcPQaFC8lYXS3I63ZGFIOUqrBjpcBGkwcvjch1h2fTSf/fVpVlQdu8Ghs8xI1n2ruVXzKq94buHmmK0smvUuBzNCT64BvcOIOSyHxbMGY/7zfF7cPZr7nr0Oz7btxI7Mwrz8aQp/RDl5aoqJmrCA32Wa+POCt9nbzYC+Oe1vDbvZZh3BGN1Gspd9SsTYP/DsDZFsWfLYT+gYJY4Vv97rSM0Rxo2/nN/84T5KDuzj8UfmsTJ/Oa+8vJJXXl7JiuV/Zf4fH6GiooJ7Zsxm1OhR1NXWdbXsdlTcbnC5T8QUlcd43c0nD3vfYR1g7iSJ025l6Jz7GaXsYEluLnfnPsN2ZQSz5pxDvd3lHeBOW8zsUXbW5uRwd14Oa4sHMmXRJE6vbMJZYyRm+mKmZOxjbW5uh+8dDiMVidkse+SX2NZmk5eXS97afQy57RmmJdkxt71812Cl7BfXMjzaxHvLy+CoDOQNXD13MYsnRGOuiSdI+xn/+64S94BzuazS0aZMLDgc5zAyIwrP3s94Oyiom0GHB4/bjcfzI7MHgJHauht49G4dL2Vnk5eXwxvmGEbcNZUz65qoOBqr+Jlz2q2c9+AMRtvfIDc3h9x1NYyadhtn1jXhbjBSctHD3BS7jb/8xUJYhzZnob7sdO4a2w8tGtzNdd5Du7a6jvdWNlNxu924T0h/1pwFD1rdEbYvyeXu++d5+wTzQKYU3MPl5fWd9kM/RPNg47m5V5JpPU77SoOR8osfaukP83LWYxv1a3LS6zA7rFjLrmDulGi25r/IV+EdB0qeaoiddjHnhQfjbGlM3gH+7MLJxBU97W1LS3cQ9Is5zP7VIcwNRyPj7fvC5nWreADbjme4O28uM/NyyVtbzDnT/87sX1QepXVD6wn9AuaeW30Ul9sLDUZKfvEQN8UV8cSTu9j51GK2MpJp02OorzkqnfhRYqGx8kymTx+J9fX7yS8NJ1qnoHqqKFv9LVVaHUdjr1bdbtxud6+W5QGS7St44RsNHlWB8DgSPnicBdtg5F23MKhSjlGiey1HVKfDQWRUNJNuuoUvPtvOE4/MpcZux+Fw8tJr63nptfU4nS6s1ZU8+uAMdn//PTfe+ms0Oi1u1w8/olaZjH7/N5d0n8Zsqmo9SFnb/dbUm56rdQVmky3w/JR0zEuVo10a3+dOeyll1iYqMOJwXMP5Az3s2bQCU2oWhtTvWL3JhGfg+VzpqMNedyXXj4hm7+vz2ZyahSEdtv5zBzV9BjE6vQ67YxgXZEVTte2fbE7M9H6/cTu2xNO50OCg9ghcdP1wwna9zMJPDRgyYkn99J98Uh5O5qhkaGztTJ0OuGxof9TinWxKCPEOph1GbJZqDvv+zA2N1FnaHwyM1LVN09xBO6yUVdfhcLlwOevAUs0+4jhYZKJWfxpDr6iH5uU4rNSnj2BwnyCKv/wfBLn8l2nvui15aop95dlGg5HDFv+Bi6emuGV5rd9lERH7D5Y//hbFGVkYUmHz52Y80Qmku9zUN5eNvbTlt23X5f287Xq8ZeHNr+/fDW4arZVdbEtzmkbf9h5pOcHqPL/N5dW2Xur9Tor81tXg3cbwxH+xICeb2S+1vVrsX28d1uErQ4vfuo74nwD2yILbM5wBMVVs3bgD0hNJev8LTNHx9Hc1UuEbfG1bsYY96R2v0nmqrURNv4MLlWrKW640g7Oh+3Zt1/WnunAmuTl/bXNV3thFm/KWWfs25i3/5jLp6re90H4fajuA6WUZt29/js7avB8FbUQKxMd5+4Q3t2PTxpOe5QZH7/aZ5jTuBmMnbcRCo8VJrdOFy+Wktno/9fZYQmI/5/VZ08l9alfLFW//9t1m+zpdbvvy9//e49STZYinatu/2JyYSXrCu+w0RZPYz46+xML586YQV/QiKw8nd7xi6TCyr08OORcqFJv1LVfCPTV6knLGMrCqiJWragnLyCLdsoJ3v2tkwNALweHfTtq2Aae9tENb6LSv6KQvNDfEtdaWJgwS4+jja8ebim3E9BsITk+bMmy7Fl+bbW5LPbWjBjhU04TL7cbVVAllRzBrs+jznyfJzZnZclW+uc4dbcreu33ttr39ILzDcaJNPuvOIfuS/pg2FWBOjSIm9XtWfWAmZvg1XGZp7PLksqv+z/t5233Em7eO/XLH/rrbOmqwUvbL6xmhFrHhk/6ERR1Bqyuj+oiO4KwodGo1B41aaGlXXRz3OuS95z6zs23V6J3sKj1CpeZy+vW1c6S6DBQNmjSoWbkZc8wwrv9FNfXH88RMnHJa7o02NDRy5bXX4WhysDL/r/TrNxCdXt/hB0FBwaSlD2BV/l947KlFXHzxpXyw6V0iIiICXLURswnW7VWZmNH6qWn9IDIngcH3mdlk9E9TU8Sj0VfxfFwVsfdtY+dDI4lq+Wo+0aMKurwd5VK1/ssybUDJvBtDRkzv8mMywjoTpomGlrzMix7FeW1+M3HvbtSaIh6PHsV/H1zBwzGf8+eF/+awrpQqu4ZYpU2GFA0aexUHFA9qZjpx2iMYD6eAFgiKJeZ
|
|||
|
|
<h3 blockindex=22>数组、Map、容器</h3>
|
|||
|
|
<p blockindex=23>OGNL支持对数组、Map、容器进行操作,如我在<code>People</code>类中新增了一个数组:</p>
|
|||
|
|
<pre blockindex=24><code class="hljs language-java"><span class=hljs-keyword>public</span> <span class=hljs-keyword>static</span> <span class=hljs-class><span class=hljs-keyword>class</span> <span class=hljs-title>People</span> </span>{
|
|||
|
|
<span class=hljs-keyword>public</span> Car car = <span class=hljs-keyword>new</span> Car();
|
|||
|
|
<span class=hljs-keyword>public</span> String[] stratt = <span class=hljs-keyword>new</span> String[]{<span class=hljs-string>"1"</span>, <span class=hljs-string>"2"</span>, <span class=hljs-string>"3"</span>};
|
|||
|
|
}
|
|||
|
|
</code></pre>
|
|||
|
|
<p blockindex=25>同样的对于前文的<code>root</code>和<code>非root</code>节点,只需要分别用以下表达式去访问<br>
|
|||
|
|
root:stratt[1]读取<br>
|
|||
|
|
<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAl4AAADqCAYAAABz5UvMAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOydeXxU5fX/3/fOZCd7AoEESCDgVrWiAlLbum9t1VbQ1rXKavv91roBotWfC7JIrd9vWw27C2pdq37bqixurcpisa6oDCSSBELWmYQkk1l/f0wOSS4ZkkkmYTvv1wvHzNy599znee6d83zuOecxgCCKokSViy++mNdee63b2xuG0avjBYN6GSuHPpFeN36/HwDTNGlu8dLsboYg+AMBEuPjSUqMJxAIYJomAIFAoMO1Ju8rSn9iP9AGKIqijpOi9ASbzXagTVCUiFF3X1EURVEUpZ8w0EeNiqIoiqIo/YIqXoqiKIqiKP2EOl6KoiiKoij9hDpeiqIoiqIo/YQ6XoqiKIqiKP2EOl6KoiiKoij9hDpeiqIoiqIo/YT91LETDrQNiqIoiqIoRwSqeCmKoiiKovQT6ngpiqIoiqL0E7pWo9JnGIaJaRoYhhFaHqHtP4qiKIpyRKKOlxJ1TNPENE38fh+Ne5ppbG4m4PXhD/rx+XwYhnGgTVQURVGUA4I6XkrUME0Tm82Gu7kZZ52TppZmbDYT0zAxDAPTNImLi4vKsXSRUUVRFOVQRB0vJSrExMTgdrewe3clLS3N2GPsxEfJybJiAD7DwObzgc3WJ8dQFEVRlL5Ag+uVXhMTE0tT0x5KS78lEPASFxeHzew7hygIIafLrvMGRVEU5dBCf7mUXhEbG4vL5aRi924GJCX134FtNgjqw0ZFURTl0EIdL6XHxMTE4HI6qaqu6l+nS1EURVEOUfRRo9Ij7HY7zc1NVFTuJiEh4UCboyiKoiiHBOp4KRFjmgZer5+du3aq0qUoiqIoEaCO12FIZWU1VVU1fbZ/m81OdWUFsbGxfXYMRVEURTkciXqMl9vdQsXuauw2k7y8wdHefbeor28gCAxISsTWT+UGPF4Prrp6fP4Aze4WCEJCQhw2m0laWspeJ6WyqoaB2Zl9ZsemjR+wZOlyvD4fv75xOtFeBN00TdzuFlq8nohqcvl8PpqbmgkEArS4PQDExcdi2kwSExKwaYaioiiKcgQQ1V+7ujoXgUCATZv+RWNjE+ecfUG/O1/19Q1ceeXPMU2Tp1Y9Q3xcbNSKdoajzunC8BvMmjOTo0ePZvRRR2G329myZQtfbdnC73//JxqbmnB88yVLl63ggbkL+sT52rTxA5546mmuuupKDANMw+TGGVOj6nyZponTWYs9AkepcU8jNtPOT376U/KGDmNIbi4AO8vKKN2xg9f/8Tdo8ZCYlBiBJQ7KisFHLvkF/RBjVuyAgkJKgPz+PnZYqnHXgdMbEq7dMUnY0+PIa7dFoMFBZXNG61/xuAcmkt/uc6+rjJqWxLCf43HgdGbgbv3TnZxBfqenHLKlwp5BfnJfCOmt+zfTyE/dd+yFznPIvvZ3wEFjZQZVYc+hB3RonxjcacnkH1ZCcGubJaT1Ub8eWrS/ntzWNml2UOIearkGQ+3X0GEv7a6zZgcVDRkdPnXHpXQ6xuX4Oxhh6Yv2x7Bew63XTXxWhzHf8b7APufT8b7Q+nkn9xelZxinjp0QlZx8cbrefmcNgwYNYteuXYwb+32GD8+Nxu67jctVz3XXXUNGRgbV1dU89dQzxMf3nfO1ffsOLrvsYh6c9yBpaakEg0F8Ph8QyvoDcDqd3HbrLE4++bv86tc3kpU1lMKRw6JqhzhdV199Jdu3FwMGI0fk8+QTT/PLX14dFecrtNSPyY4dxcTHx3frOzu+3cXZ5/6QSb+4muSUFD7asJ6KXbsAyBk8mFPHn4azro6nH1/OvzdtZmBOdjf26qCs+F4+dN/N8Z/dR/ypS/rWASp2wAsOiifCiyMuYFLxNWzq62N3cPQ6o5r64oFcMv82xqUFCGBiOjeyYPbfKC0YQB7gLXYQf8NCZo5LxR80MI3tvDC9iHUFWeQDLcUOjp21hEkjAgSC5j6fU++gJGMK828fS2oggGGYbH9hGgs/LiQ/paMt7m+HcNG8Wzi2+FFue9EZhR/p9o5cLe66Efzkzl9xcs2LzFjyVYcfpkCDgwGXLOSmcfW8cvMKXu/U+XLQWPkjpvzhUvjrLOZ9HAXny+OgZMB0Ft56MsmBIAZ1bPjDvazck3uYOF+hNpv88KWkbXqU2a+4Di7nq9lBRUNXznZ36Mwh33ciESh1EHNt6HoKYOLa8Admv+QmP8MMOV3H38myC538732v8WV6HHnSfr//CcOChCo/Y2Kz7eCV365gc/JOXCfN4eGLh7V+Bhgm5vYXmbHgK/ILYjvYWF8MWVMWcWPsKm5+vr7VLgc7is/j9sWTKAgGMYxinp++jHUFqeRTTVNxDj9ZNIsh79zM/R+FnK9Ag4O0Sxcw4+TUvcc1DBsNmx9j5ktOcgM7OX76I1w8jDa7MLG5NrFw1lK25RRGb+JyhBIVxauuzkkgEOCdd98iOzuLysoqzj7rfAYNyorG7iMiKSmRp5/+C1dffQWZmVlce+1VPPnk0wBRd75qamq5YfK1zJ8/F4DHHi1ixYrH2eooJRiEY47OZ8rUKVx33TUULf5z6DFbiyeqNgSDQT7a9CEv//VVLrn0YkrLyjjrzAux2+Gtt9dw7XVXYY+N4eorr+i182WaJs1Njd1+fFtfX8+PL76I66fNYPNHG3npL89SWlZGQ30tAMnJ6bzx+t+5/OdX8dvb7+DP//sHPvvPf0ga0J2A/SB+P/j9B6KWVx8f2+rosa/z5XU5OXn2QsYbG1k4YxnbOIrrF9zGrNllzFjyFQGzhOQbFnLLeCfPTZvJOuDs2Uu4fMEkdt7/BvXxpaRPXsjlI4p5fvq8fT53pZZSPXAKv5/zQ6qeuIbZa4Fz7mDlNX/ghl0PssKZ2uZcNDupOOdGxqZt48WinVAwoJcNUI27roCf3PlrRm39MzNfhmH2zby/pZqTTv0u59Z+yppUe2ubVONxH8+4whT8297i9bjY/fwIBwn4/RDopXkAOGhovJS7b7Pz+LRpfAmcPWsxE6+/hk3zX+erWFUG+pRmBxUn3cn//BT+evNK3uix89WZQ24dfy7y7dvZcc4cFo938vy0mazjfGYvuZ4pHy1iWY2PlIrzueP+dD5c9DCfJuV2sCUYdLJx0WweL80gPgb2qlLN4AoEgWJemLGAt5MSofF0Zi2exPzJf2T2q3tCzpXHQUn5Bdyx9DLGDUjg8zWy52rcdSdy/YJJZGxcxIzlXzNy8kPMunMs6x77goDfSdqUuxhf9xemvplGfrsB6ceAkpf51YJ/EZ8UmkSL4uV1gT9oQPEL/GrhB8QnxeNurGXk5IXMWrqUbc9NZcE+ky8lEno9fampqSMmJmav01VVVc0ZPzwL0zSJj+/bR3ydYbfbsdkMVq16DqezhoyMTK699ircbg8tLS1RO47b7SY9PYP777+XYDDIHTPv5L9+PRuv18fRR+VzzNH5NDe7mT71BtasXoPP58Pr9Ubt+ACBQICPNn3Iq3//B5dcejHFJSWMG3sGiYkxxMTEcPrpZ7JtWzG/+MXlPP/iX9m08QOCvSk6ahg07mnCNLseNl6vh5SUNCb94ko2f7SR++++A6fLibvJw+PPvsTjz76Eu9lLXU0N98y5ja+/+pJfXH0tpt2Gv1Ux7Ak1xY4Of5cU73+bkuIaSuSPOut3m7txxPJ227sit6cTW/ZJi2h93+sqo6SuhTIceFp+zCkFARyrl4VmoDlfs3K1g0DByVzY0oiz/iIuHZeK47kHWZdTSH4u/PPVjdQPPJrThjfidI/he0elUrP+NdZljQh9/soGnFnHcXqhh8YGOOPSsSR+/iTz380nvyCNnLde5b1diYwanwMtbd6L1wPnjsknWPwxazPiQz86HgfOyloqWv+VNLtprKylpEOTOmhsv01D6z49TiqcjXh9PnzeRqiuYUcwjdINDvbEjmbMBY0g+/E4aRw+jmMGxlLy8XsQ6+u4T1f4sRRocLS2ZzuaHVRUNrWNidbtKvbuUz4rJDn9Ff5872t8U1BIfg6
|
|||
|
|
非root:#people1.stratt[2]<br>
|
|||
|
|
<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAmwAAAC5CAYAAACV+WOQAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOydd3xUVfr/33dKeplJJqQBgVASFhQVCUX9WlfXVVTALsu6QsCyuxZUmmVdRYp1/a0rIWBBbKjYV8W6uxZIQEWJJAgBQhISSDIz6Zl2f3/MnJRLJplJQdDzfr14hZl77rnnnnPuned8znOeo4zPmqwikfQSg8GAw+GktqEWd4sDvdGATtH13wUVBVwqGADZgyUSiUTyC6cff1ElvxYMBiMtLc1UVZWjuFWMISFHwFhzgUGRxppEIpFIfhUYfu4CSI5tjEYjjY31VFfXEBkZjaoeAQtKVcFg8P6VSCQSieRXgDTYJD3GYDTSWF+Prc5OZGTkkTHWBNJYk0gkEsmvCDklKukRer0eZ3Mz1bYawkLDjqyxJpFIJBLJrwxpsEmCRlEU3G44WH2QyIgjrKxJJBKJRPIrRBpsv0AOHqzi0KHqfsvfYDBgsx0iLDRcGmsSiUQikRwB+tyHrbm5hYrKKgx6HQMHJvd19gFRW1uHCkRFRqDX64/INR1OB3ZrLS63h6bmFlAhPDwUvV6HyRRDSEgIAAcPVTMgIb7fypGf9xWrctfgdLm46Ya5jM+a3Kf563Q6WlpacLvdGI2B163L5aKpsQmPx4PL6QS8PnA6vY6I8HD0BulOKZFIJBKJP/r0V9JqtePxeMjP/4KGhkbOOft3R9xoq62t4+qrr0Sn0/H8uhcJCw0hNDS0X69ptdlR3ArzF91J5siRjMzIwGAwsGPHDgp37OCRR/5JQ2Mju3b+SO7qp3lgyfJ+Mdry877iuedf4JprrkZRQKfouOH67D412nQ6HbUNdRj0gXedhoZ6FPT8fsoUUgYNJiUlFRQo319KaWkJH77/b3QtDiIiI4IoSQEHCqGWdDIyw4O/kWCpKICk0RQBGUf62n6x0mx1U+/2Gs4ufTgh5jDi2qXw1JVR0yLqNZRqSwQZ7Y47bWXYXf6P4yjAXpuC0/exOtJMRqe37C3LPkMcGdH9Idz78ldiyTAZDzvqvU/z4eXvQAENVSmU+r2HHtChfgxUx0STEdJHeR8V+OosNLaf2rU72vfxw+vXaSujWJ/csWyaPtuT5+LooDfPVAENVUMpPSrvqzN60M5Ne6hqMHXIpdoQ1fZ+6O44BNBXvP2/CTi8n/jaJ8zS4X3SsW/5rtv6/HR8Z/stlx+UvgqcK4y1zz7/iMTERA4cOMCErNNIS0vti+wDxm6v5Y9//ANxcXFUVVXx/PMvEhbWf0ZbcXEJ06dfxINLH8RkikVVVVwuF+ANeQFgs9m4fd58xo07gRtvugGLZRDDhw3u03IIY23GjKspLt4DKAxLH8La517g2mtn9InRpigKOp2eyor9hIRGEkgQtIOVB5kweTLTL7+K6JhotuZtpqLiAABJScmcnDURu83Gi+ue4YfvvseSYAmgJAUcKFzC545FjNn+ICEnrelfw6miAJ7eTeFUeGPURUwrvJpv+vvaHQzEzrBSW2jiguW3kmVW8aCgs25hxfz3sWdGEwc4CwswZD/M7VmxeDygU/by2pzVbMy0kAE0FxaQsTCXS4eqeFTlsOPUFlAUM5fl88Zj8mbAnteyWfbDaDJiOpal+UAC5951M6P25XDbG7V98OPe/sfKTrN1EL+/cy4nVm9gztM7O7zcPHW7Cb/gAf6cVce7C9bydqc/UgU0VF3MH5ddBG/dzZLv+8BocxRQFH4jD916EjFuFRQr+f9Yxuqm5F+I0eats5lLp2Damsud7/RFuwaDr4+vuI0skwqKnbzHH2ytX2d5ASNufo4Lap/kr6/VecvmKGBf+PX8/daTiXV7UBXxXLzNrsw4MgCPtYDQqY9y87ho3J08F0cHVpqtAzn/jusZtnsld7xdF3Dde+oK+KnsQhavOZnt85/jrR4YbZ66Mg664g8zdIOmaQ9VDYkaQ0c7cOpBOzftoer421hy4SBUFBQARY9h/7vMzi0gI7TUe/yCQaiKOK5D2fM6c5f+REZmaAB9pYDKwvO5IXc6Qzwqim4fr2U/y8bMWDKw0lAYz+8fvZ2U/97J3771Gm2eujKipywm+8RY7zUBRaen9rtc7nizhjSXid/dNosTYr2/p/jKrd/7GtkPfgvp8V2+O/pEYbNabXg8Hj7/z6ckJFg4ePAQZ591HomJgfz49i2RkRG88MLLzJhxBfHxFmbOvIa1a18A6HOjrbq6hutmzWTZsiUAPPWvlTz99LP8tGs/qgqjMocwO3s2f/zjH1iZ8yQej4eWFkeflkFVVbbkf82GN97i4ksuYn9pKWedeT4GA3z62UfM/OM1GEKMzLj6il4bbYqi0NLUiM4QSiDGWl1dHWeedQ4zZ83mm2+38Ob6VygvK6eqqgIAiyWRjz/8gKmXX8Ffb72TnCefoGD7D0RGRgZQGg9uF7jcnl7dU8/o52trDUQON9qctnJOWHQfE5QtPDQnh52MYfaKW7lzURlznt6JSb+TiOyHuXmCnVdn385G4NyFuVy6YirlD31EY0gZsXMe5tL0vbyWveSw4w3Ru7HHz+WR+adR/fwM5n8InLeYZ6/5B9mPPERuXWzbi6XJxsFTruPk2N1s+GcFZEb1sgK0P1YwwrCNLwurOP7ksZxfX8D7JqOvTqw4HL/h9PRoPLs+522DsYsfJw9ulwv6pNkKqGu4jL/fYuT52TfzPQ2cu2AV02deQf6jGykP6eUPnQSnzcqJdz3ARPt6Zt/5AfzubnKvvYr8hz+gwb2b4sn3cJd5E8vvP0RCZgRgpblhMtk3/4bix2azsjwRrAne52K5whMPe/u1bdh87gx/luzsSsKp5LQFuUxfMY3KRzZS3lsDpU9R8bhduD2BayrNhQVEXP8ouSdF0NK8j297cFVPXRlRF93D/GG7efKhDyjtaZ007aHq+NtZdjG8teB53rVEkNHJwCm9Jdh29uJSQbVu5dEFL3DIEouedkpVE+BRUdnL63OX8qUlnqaqLBbkTmf5nKeY/14daa6u+sqH2HQnc8VDl2LOf4y5q7Yzcs4j3Hn3SWzMLcSjlhM99w4mWl/huk9jyUhpu20XOtjzBtcvyyPe4rU5vApbPc3WWFQUrPn/YNGaKuItehqryjlt0RrWrDmbrx+6l9WOIX6Ntl4Pl6qrrRiNxlZj7dChKs44/Sx0Oh1hYf07FdkZBoMBvV5h3bpXsNmqiYuLZ+bMa2hudtDS0tJn12lubsZsjuP+++9DVVUW3rmYP9+0AKfTRWbGEEZlDqGpqZm52dfx0caPcLlcOJ3O7jMOAo/Hw5b8r3nrvX9z8SUXsWfvXiZknUFEhBGj0cipp57J7t17uOqqy1n/2hvk533Vq0UCiqLQ1NKCTowMusDpcBAZFc20K6/km2/z+fvi+dTV1eHxeFj78gbWvrwBj0fFZqvhngXz2FlUyGXX/MG7AtWnUPaE6sKCDp+LKrpOU1RYRZH4YNWcW9gUwBWL26W3BV+eisPLUq3Nxve901ZGhbWZGgpwuC7hpCEefvp4HTvTRpORtp3VH+/CPeQkprgasTdO4aLxMexafz8b00aTkQ5b3t1K7YAMJqc0YneM5ZQRsVRteo+NqaO8x9/Jw2oZxWlpTurrwpl40Xgit6/jwa9HkpGZQtqmd/niQDjDJg6Aljarx9nSyBljB6Pu2caHSaFeg8lRgL3KSpXvX1FTMw1VVoo6VGkBDe3T1PnydJRTWdmAw+nE6WiAshp+Us1U5BVTZxjO2NMbQeTjKKcpJYuRCSHs+f5rCHV3zNPm/5nz1In6bEfTHqqqGtv6hC9dVWue4thoos2vsnLJuxzIHEJGWgQbv9mDx2RhkNvDIVE3trZz21/L+33763jrwlte3/+b3DRbq/zci0jT7LvfOoocXZVX1Ff7dml/zNrxWk3ee4y0vMXD2bO58+X26lrHdjvsGr46rO5wrbbyBYYVtzqWtNhqNr39DaSnMPCL79gdG0+au4VD+y5g8WVmNq15haL0CJ9BYSbMvJe3H1zByqbRZCRayEj
|
|||
|
|
也可以用Java中类似的方式新建数组并且访问:<br>
|
|||
|
|
<code>new java.lang.String[]{"a","b","c"}[1]</code><br>
|
|||
|
|
<code>new String[]{"a","b","c"}[2]</code><br>
|
|||
|
|
这两种方法都是可以的。<br>
|
|||
|
|
<img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA1oAAAD4CAYAAAD1npfmAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOy9d3xUVfr4/753JskkIcmkEtKYCUMTy4KUgK4NBCyr7FJsiAppuPuxICXArqwFSRDL7iqEJIAFdWmKuipSXHVXSQCxoBSZZIYUCKkzCUkm0+7vj5kkM2kkAdn97u++X6/4krn3nnvOeZ5z7nnOec5zBEBCRkZGRkZGRkZGRkZG5qKhHDN2wn86DzIyMjIyMjIyMjIyMv9TiP/pDMjIyMjIyMjIyMjIyPyvIRtaMjIyMjIyMjIyMjIyFxnlfzoDMv+7CIKIKAoIguDaCNj2HxkZGRkZGRkZGZn/aWRDS+aiI4oioijicNhpONdEQ1MTTpsdh+TAbrcjCMJ/OosyMjIyMjIyMjIyvyiyoSVz0RBFEYVCgaWpCVOticbmJhQKEVEQEQQBURTx8/O7KO8SkNfGZGRkZGRkZGRk/nuRDS2Zi4KPjw8WSzNnz1bQ3NyE0keJ6iIZVe0RALsgoLDbQaH4Rd4hIyMjIyMjIyMjcyHIwTBkLhgfH18aG89RUnIKp9OGn58fCvGXM4AkcBlZSnmeQEZGRkZGRkZG5r8TeaQqc0H4+vpiNpsoP3uWfoGBl+7FCgVIsvOgjIyMjIyMjIzMfyeyoSXTZ3x8fDCbTFRWVV5aI0tGRkZGRkZGRkbmvxzZdVCmTyiVSpqaGimvOIu/v/9/OjsyMjIyMjIyMjIy/1XIhpZMrxFFAZvNwekzp+WVLBkZGRkZGRkZGZlOkA2t/0EqKqqorKz+xdJXKJRUVZTj6+v7i71DRkZGRkZGRkZG5v9lLvoeLYulmfKzVSgVInFxAy528j2irq4eCegXGIDiEoX/ttqsmGvrsDucNFmaQQJ/fz8UChG1OrjVKKmorCYqMvwXy8fBA1+Tk7sBm93O7+enMWbshIuaviiKWCzNNNusvToTy26309TYhNPppNliBcBP5YuoEAnw90chRxCUkZGRkZGRkZH5H+Kijm5ra804nU4OHvw3DQ2NTJo49ZIbW3V19dx7792Iosibm99G5ed70Q7J7YpakxnBIbBk2WKGDRnCkKFDUSqVHDt2jOPHjvHCC6/Q0NiI/uej5OZt5NmVWb+IsXXwwNe8/uZb3HffvQgCiILI/PSUi2psiaKIyVSDsheGUcO5BhSikt/89rfExScQExsLwOnSUkqKi/nk439As5WAwIBe5ERPqQHsxKLRXoI9YgY9aHUYAc2lfneXVGGpBZPNtTBt8QlEGepHnMcdzno9FU1h7n+psEQFoPG4bjOXUt0c0OV1rHpMpjAs7n9agsLQdFpkV17KlWFogn6JhXJ3+qIaTUhH3XOVM6Zj/r3Q01ARRmWXZegDXvXjg0UdhOZ/aqHXXWf+6l9Irv9lNOkpr3e1F4tfsLeuWfWYTDGYum1DnbcRz3s6a6feafRNj3rWBnqLZx/TMV82cyllYoy3bnjUYQueddm+vqCTOuu1HFx6Wu+Vqkd/1q4f6/K9HdJq3ye6+yFVROtznZWnffo9KbPNXEoZ4UQ7G3rRj7ryWuvvS78mCVOrfPogt/Z9fSd62rF+6JB+5+XoWd/bVR14fscs7fuiJj1GS3y7vHp/G7tuU+3v85ZLX2TirNdTbI8nSqykgug23e2VTnemzy206GTHvHeadof0zq/TLeVoGzu40/ao+x61Y6/3x1DZvm/qdTvvrMyesu1NnVw6hDFjJ1yUGNktRtY/P99D//79OXPmDOPG/pqBA2MvRvI9xmyu44EH7icsLIyqqirefPNtVKpfztgqKipm+vQ7eG7Vc6jVIUiShN1uB1xR+QBMJhMLn1jC1Vf/iod/P5+IiHh0gxIuaj5ajKzZs++lqMgACAxK1PDG62/x4IOzL4qxJQgCIFJcbEClUvXomeJTZ5h48/XMvGc2QcHBHCrIp/zMGQCiBwxgTNJ4TLW1vPXaBr45eJio6MgepKqn1PAU+y1PcsWRp1GNyfllDR6DHrbpMcyA7YlTmWm4n4O/9Lu9DLvOqKLOEMWdmQsZp3biREQ0HSAr4x+UaPsRB9gMelRzV7N4XAgOSUAUitiWls0+bQQaoNmg57IlOcxMdOKUxA7XqdNjDEsmc9FYQpxOBEGkaFsqq7/VoQn2zovlVAy3rlrAZYa1LNxuugiDck/DrQZLbSK/Wf4wV1dvJz3nuFen6azX0+/O1Tw6ro6dj2/kk04HmnoaKm4j+aVp8N4SVn17EYwtqx5jvzRWP3E1QU4JgVoKXnqKTedi/0eMLVedzXtxGuqDa8nYaf7fNrbq9BhHLiV7lhanJCAatpH+ws9o4pRuWaeyenE0XzySx0duHbOV6hm2MJdZGgcOyTW5VbQtldVf6tC4P32NBj1XZOQwS+vEIXVsp97XBUSxjoMvPMmGc7FofHs2geGs16OetprfjzHx3oLX2HVRjC13H5O1iHEhThDNFLywolW/baV6hi3eyO21f+XxrXWu/DXpKR+5jBfvSHCdLA8gKFAWf0DquiPEUs4VaS9zRwKt18X2/Uqv5eDW0xd+Q4LUkq6IQlHMzsc28i/1aZQRaSxJH0kIHu8VFRi3ppD5WTzKgS2DdD3FhsksWj8TrSQhCAa2puWxTxuChioaDdH8Zs0SYj5/nGcORRBrLeXK+a8wLcGOw3Mk5XTiFJSc/jCD5/Y0MnVh92W2mUu5fP4r/M6xn/2hSVxWuJbF756vvbn7tBfvxJl/AHXSUArXriGvyo+wMlXv5GbVY+yXQuYTYwhxOpFavyfvYdCGtulSkx5j+WQycmaicTpw4tbX5xexoVFHbFNn5agksumq8/a9XdVBgqkInzmu75gTEXPBS2TssKAJc+mb8Yrl5N1i4q9Pf8DRUD/i3HK6PesJxoa48yiYKFizhE01Ht8uqx5j2VDmZi103+fWiW0pZB7WESv1XibOej0hv1vDHwYdZ3/tOCYo3iN13VE0grEXOn2ayIrfkPLyHSQ4XPlqQXI4EZSn+XBBHgU+A/htRhpXh+DV1hTGbaStOgix4e7vUO90WuPf0p9kkX51SGvagqCg/vA6Fu8wEes8ff527FEnxVVTWZo7hu8f28DHLX1Tr9t5FZZaLbd5lVlAFOs5vPZ5cir9iG4Ib3e9qzq5tFwUE6+21oTT6eTzLz4jMjKCiopKJt40hf79Iy5G8r0iMDCAt976O7Nn30V4eARz5tzHG2+8BXDRja3q6hrmzptDZuZKANatzWbjxtc4qS9BkmD4MA3JKck88MD9ZK9/1eU212y9qHmQJIlDB/fz7nvvc+e0OygpLeWmG29BqYTP/rmHOQ/ch9LXh9n33nXBxpYoijQ1NvTYHbOuro7b77iVh1LTOXzoADv+/g4lpaXU19UAEBQUyq5PPmLW3ffx2KKlvPrXlzjy3XcE9utJgA0JhwMcjv/EWVq/8LvbG3Z0NLZsZhNXZ6wmSTjA6vQ8ChnKQ1kLWZJRSnrOcZyikaC5q1mQZGJL6mL2ARMzcpiVNZPTz+yiTlVC6LzVzEo0sDVtVYfr5pASqqKSeWHZ9VS+fj8Ze4FJS9l0/0vMPfMcG00hbR1Wk4nySfMZqy5ke/Zp0Pa7wApwdai/Wf57Bp98lcXvQoLyMF8dq2LkmF9xc80P7AlRuuukCqvlCsbpgnEUfsYnfr7dDDAlnA4HXl+uPqOnvmEaTy5U8lpqKkeBiUvWM+Oh+zmY+QnHfTubCZb5r8WqxxSbxosPRHPg6VQ2nhzK3NWLWDbpMZ77NpKo8mHMWzOO2r/P46MgnUvHmvSUTX2KZ5XbeSjtX6hoxDIpg3dS/s5icS6rf4ghtlHPlRm5zAorICutYzu12Y3e1wMDoOFG/vRSMqOeepfSBi13traDS2vo2swmRi9bw3jTFlKX7IGbl7F+3hwOPvcxZkcJZTcs58+h+WStrETpMdlkkQDTIdYszaMoMAwVbTPKNjM4JAEM23h49dfuOvPoV8orUfdWDm4kycSBNRm8VhKGygdaZ+6tYJKcKHzqObBqkfu6BUvDtWTk
|
|||
|
|
Map同理,可以使用key的值来直接访问value<br>
|
|||
|
|
<code>#{"A":"a","B":"b","C":"c"}["B"]</code><br>
|
|||
|
|
<img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA3EAAADRCAYAAABigDs/AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOy9d1xUV974/753ZmAAgWEoEkCcwbGmahTQ5EmxJtns6q6aaopKM3m+KcaCuptsigpqyjZFQE3P2jYmu0mMJW03EdSYYmKJAzPSROoMCAxTf3/MADM0Ac3u73me+369Jq/Ivefecz7ncz6nfc7nCoALCQkJCQkJCQkJCQkJif8RyCckTvpP50FCQkJCQkJCQkJCQkKij4j/6QxISEhISEhISEhISEhI9B1pEichISEhISEhISEhIfE/CPl/OgMS//sQBBFRFBAEwX3gsuM/EhISEhISEhISEhKXiDSJk7hsiKKIKIo4HHaaLrTQ1NKC02bH4XJgt9sRBOE/nUUJCQkJCQkJCQmJ//FIkziJS0YURWQyGZaWFkz1JppbW5DJRERBRBAERFHE39//srxLQNrTk5CQkJCQkJCQ+L+NNImTuCQUCgUWSyvnz1fR2tqCXCFHeZkmbJ0RALsgILPbQSb7Wd4hISEhISEhISEh8f93pMAmEgNGofCjufkCpaVncTpt+Pv7IxN/vsmVC9wTOLm09iAhISEhISEhIfF/F2k0LDEg/Pz8MJtNVJ4/z6CgoH/fi2UycEkOlRISEhISEhISEv93kSZxEv1GoVBgNpmorqn+907gJCQkJCQkJCQkJCQkd0qJ/iGXy2lpaaay6jwBAQH/6exISEhISEhISEhI/J9DmsRJ9BlRFLDZHFScq5B24CQkJCQkJCQkJCT+Q0iTuP9FVFXVUF1d+7M9XyaTU1NViZ+f38/2DgkJCQkJCQkJCQmJ3rlsZ+IsllYqz9cgl4nExV1xuR7bLxoaGnEBg4ICkf2bQtBbbVbM9Q3YHU5aLK3ggoAAf2QyEZUqpH3CU1VdS1Rk+M+WjyOHvyI3bws2u51HF6UzIXHSZX2+KIpYLK202qz9+uab3W6npbkFp9NJq8UKgL/SD1EmEhgQgEyKNCkhISEhISEhISHRLy7LCLq+3ozT6eTIkX/R1NTM1Cm3/dsncg0Njdx33z2Iosgbb76N0t/vsn1guifqTWYEh8DylcsYNWIEI0aORC6Xc/LkSU6dPMmLL/6ZpuZm9D+dIC9/Ky+szv5ZJnJHDn/Fa2+8xf3334cggCiILMpIvawTOVEUMZnqkPdj0tV0oQmZKOeXv/41cUPiiYmNBaCirIzSkhI++vAf0GolMCiwHznRU2YAO7FotP+GM3kGPWh1GAHNv/vdPVKDpR5MNvdGukURhDzMnzivO5yNeqpa1J5/KbFEBaLxum4zl1HbGtjjdax6TCY1Fs8/LcFqNN0W2Z2XSrkaTfDPsbHveb6oQhPaVffc5Yzpmn8f9DRVqanusQwDwEc+CiyqYDT/qzaoPTILUP1M9XoxvHW8q3xt5jLKxRjfvHXW2X63C3eZG7u95tFDZUS7Dvm2IV/a2kt393RuSzZzGeWEE+1s6qEdeeqim/L0lt67rJbO9diix2gZ0m+70fm+bu2CVY/JNBgxwEpzS8BF2mZf0vWvXtrKV9mobv+nxT+kW/vR5T5vGfeUn0561iXd5S6LT5pu6rLTff3Tk77Z7x511Et+XWRs1WMyxWDqte/pqW/x7eM63+ds1FNiH0KUWE0V0V3rtrd69cipPsCPQS0uTO22ZQA2p3Nf3JOetZc7tNu+4qLl6Y7LpGMDtmPd6tkAZNiprqCTHC92nV7kd5nS9k23u+qsrwy6u967zvQFYULipEuK1942gfv0s/0MHjyYc+fOkZT4XwwdGnspj+03ZnMDDz30AGq1mpqaGt54422Uyp9vIldcXMLs2b9izdo1qFShuFwu7HY74I7eCGAymVjy1HKuv/46Hnl0ERERQ9ANi7+s+WibwM2bdx/FxQZAYFiChtdfe4uHH553WSZygiAAIiUlBpRKZZ/SlJw9x5RpNzP33nkEh4RwtLCAynPnAIi+4gomJE/EVF/PW69u4esjx4iKjuzDU/WUGZ7lkOVprj7+HMoJuT/vZMqgh516DHNgV8JtzDU8wJGf+90+k8buqKHBEMXMrCUkqZw4ERFNh8nO/Ael2kHEATaDHuWCdSxLCsXhEhCFYnam53BQG4EGaDXoGbM8l7kJTpwusct1GvQY1SlkLU0k1OlEEESKd6ax7hsdmhDfvFjOxnDH2sWMMWxkyS7TZRjwew8q6rDUJ/DLVY9wfe0uMnJPdTG+g2au4/GkBvY8uZWPuh0s6mmq+gUpL8+Cd5ez9pvLMJGz6jEOSmfdU9cT7HQhUE/hy8+y7ULs/5KJnFtmC1+aherIRjL3mP/NEzmPjmcvJSnUCaKZwhefaZevrUzPqGVbubP+jzy5o8GdN6se46BUsp6aQKjTiau9XbyLQRuGBnDW6Qmcu4EnJwR30y70lBims3TzXLQuF4JgYEd6Pge1oWioodkQzS83LCfmsyd5/mgEsdYyrln0Z2bF23F496BOJ05BTsXfM1mzv5nblrzCr+IBwX1Z7NSWbOYyrlr0Z37jOMShsGTGFG1k2d+85a2nyXAb8zf/hoS6I/xh9V7ORHYMnHpKH28qRvGg2wY4ETEXvkzmbgsateiewF29ivzbTfzxufc54RmI9S4fryI26hk0M4vHEtUU736Cdd/HdLQpqx5TRDorHkngVIGJpGSRPYu3sfdiE7ke01Ug9qNeNAG4y3fVSjbfpcHhdIIgIhbvIiP7Rx+bbSvTU36z132IyBqOkrXsfVpjK2nuJj//UlUgj0hnecZYQmmr1042+HKWBT11htt4NG82Qx0OXIKIqfBFVrxuQzPEu00ORE/qibaH8ctVjzL8zF866V0HPeqoqxjj2BXk3KXF6RIQDTvJePEnNHFyT3tMY92yaD5/LJ8PPPVvK9Mzakked2kcOFxe7eELHZq2IaNVj7F8JAuyl5AY6sAJiKIM485Uso7piBf0hP5mA/897BSH6pOYJHuXtE0n2vuG3uq1VFtJWNUvSHlpJs6Cw6iSR1K0cQP5Nf6oy5X9sznU0GyI4Zfrn2RCsANnu56dQqP16yRDPWNSc5mdUMfhP77IVlNoe1/hbOy9PD9nexmoHQMRmfkI65bnURSt8+jqAOx2i57KsSt56VfxHc8WZMhL3idt03E0fsZurvvKuUf5XUpawdhP3a7BUq/lF5npXB/aJicBUWzk2Mb15Fb7E90U3um6u6wy407S1x6B2PABjR8uaSeuvt6E0+nks88/ITIygqqqaqZMnsHgwRGX8tgBERQUyFtv/ZV58+4mPDyCBx+8n9dffwvgsk/kamvrWLDwQbKyVgOwaWMOW7e+yhl9KS4XjB6lISU1hYceeoCczX9xuxK2Wi9rHlwuF0ePHOJv777HzFm/orSsjMm33o5cDp98up8HH7ofuZ+CeffdfckTOVEUaWlu6rOLakNDA3f+6g7mp2Vw7Ohhdv/1HUrLymhsqAMgODiMvR99wF333M8TS1fwlz++zPFvvyVoUF+CpbhwOMDh+E98K+5nfnfnSSNdJ3I2s4nrM9eRLBxmXUY+RYxkfvYSlmeWkZF7CqdoJHjBOhYnm9ietoyDwJTMXO7KnkvF83tpUJYStnAddyUY2JG+tst1c2gpNVEpvLjyZqpfe4DMA8DUFWx74GUWnFvj0/nQYqJy6iISVUXsyqkA7aBLFIDbEHYMKiBefowvT9YwdsJ1TKv7nv2hco9MarBariZJF4Kj6BM+8vfrZZDowulwgPMSsweAnsamWTy9RM6raWmcAKYs38yc+Q9wJOsjTvl1XQGX6B82s4nxKzcw0bSdtOX7YdpKNi98kCNrPsTsKKX8llX8PqyA7NXVyLUBQA2WpvEsWjIa/Ytp5BtCwRrtbhdZAn94wa3XVSMW83vlFtLTKwAzU5ZvZm72XZxf+wFVXMv87LmoD28gY8tphi1cz/JViRzc9CNOhwlVym9Jrv8rqR+r0MQBAXF8v+m/+dR7R6GpjiseXMvTVxaze28QV6iacbgEMOzkkXVfoaQZS6e2FAsILhfid1t4dews
|
|||
|
|
<h3 blockindex=26>选择和投影</h3>
|
|||
|
|
<p blockindex=27>这段就作为一个了解吧,我直接复制了milktea师傅的文章中的一部分:<br>
|
|||
|
|
OGNL支持类似数据库中的投影(projection) 和选择(selection)。<br>
|
|||
|
|
投影就是选出集合中每个元素的相同属性组成新的集合,类似于关系数据库的字段操作。投影操作语法为 collection.{XXX},其中XXX是这个集合中每个元素的公共属性。<br>
|
|||
|
|
例如:<code>group.userList.{username}</code>将获得某个<code>group</code>中的所有<code>user</code>的<code>name</code>的列表。<br>
|
|||
|
|
选择就是过滤满足<code>selection</code>条件的集合元素,类似于关系数据库的纪录操作。选择操作的语法为:<code>collection.{X YYY}</code>,其中<code>X</code>是一个选择操作符,后面则是选择用的逻辑表达式。而选择操作符有三种:</p>
|
|||
|
|
<ul blockindex=28>
|
|||
|
|
<li>?选择满足条件的所有元素</li>
|
|||
|
|
<li>^选择满足条件的第一个元素</li>
|
|||
|
|
<li>$选择满足条件的最后一个元素</li>
|
|||
|
|
</ul>
|
|||
|
|
<p blockindex=29>例如:<code>group.userList.{? #txxx.xxx != null}</code>将获得某个<code>group</code>中<code>user</code>的<code>name</code>不为空的<code>user</code>的列表。</p>
|
|||
|
|
<h2 blockindex=30>Invocation.class</h2>
|
|||
|
|
<p blockindex=31>那天在公司审代码,发现mybatis中频繁使用了<code>setAccessable()</code>,跟进去发现了这么一个类,正好也是闲的,就用它写了个弹计算器,心想也没啥用。</p>
|
|||
|
|
<p blockindex=32><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAtkAAAJrCAYAAAA1T4/gAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOy9ebQdV3mn/eyhhjPcSZIly4NkWfKMbGPHBowNGMwQgnEIJIS5CRnISmf1172+JuFbPUKHJKSTdIYVMDhMDQESggkQYxuIwRgbbIznebZsWZau7tU995xT0x6+P6rOuYMkbIMJBO9nrbOOzj1Vu3btqqv722+9+/eK40863SutmZ6aYnFxEWMMgX89vJBPaXvhf/D38gm+d2L18Z/a8Z6o/dXHGbU/+iy9W9k+Kz/v3/6q8fFPbrx+8sd3zeZuxWe5an/hVn5e/f0PjRid18p3t+p+86vPb9XnJ7rfvLdPqVurj+YOuFUgEAgEAv/2eZr+ogcCgUAgEAgEAoERQWQHAoFAIBAIBAJPM/on3YHAM4Mnm2bys96HQCAQCAQCzwxCJPsnjPA/+PVvndXncaDzK8sKrTS9Xo/6lnz6b8uRwN5vjJsc5cnJSYSQeO9XvP6ts+L85M/e+QUCgUAg8NNKENmBnzhKSgbDARMTE//qxzZVhakMs7N7/9WPfSBWL0z9EVujMhVVZZjd+2TOL/x3EAgEAoHA04V2ov7T6sTT/Qf+pxzhljlFLBcXT+R3MNr2YNs90fc/Hp6uVAiHqtvjYK4Rqnl/aq4SK8Zj5LzhPd55lFYkaYQxDu88QjzRjaie8vEP9lRAKomUCik9RV4SqQjhwYsDX7/VLiH1tvU51d9Ey7d+0v2Ty7Z2QiEb146R+8nIBWTJJeUHNCbcuDUlJVIrlPAURYHU0UF+z0f37Whsfzz3b3ATCQQCgcAzBTn64+poxILUjB7ZSzjgSwk5/pPsRW1T5qWp30d/wIVr/tg3e40/g/QRykyQVB1S60hcifK1cBkfw496JsciBmHGlmhjmnaXH1eO/5TLlX1Z/lo+BKvw2Oac6tfy7a10WFlb79X2e1F9Pk4257AkgPx426VzO/gj+iVh5L2gFjsK4dWq75uXMCAMkuZ8hcFJMxaB41aFW/aibtP5ZowcDlW/RuINUL5C0yf2fSTl0vFwgMUvt8E76LiuPrel7UdjIITnOWeezG++400o76iGOQKFqyyRL1HkTR9H4tYhPChEk+4xGp/65YTCSkWloJIKLxypG9KyQ5QfWVNKhFxKSXnhOS/gN97xdhKd4q2vLfUOZKPn5YpJmROj49ZCePW401wX4WTdZze6LxxgUL4kdjlt16fthihfIrzHeoH3DuHV+H5aut6r78OlFzQTCbHyPjn37LN559vfTkvHCCHqyTRyfD715HqpjytSaYIkDgQCgUDgh0bWf2glXtZixjsFPsFbsKVDS0GkJK6y2NKA8ygEE60WpiyohKWUFXODWXIzYKR5lPI4U+GsRKsU4w2lHZLnOcK2iYdr+dXz3sbzjz2ObtGj4wQtnZIPM2xRoI0ndhpBjJea3mCOymcYb1gcDgBJHMe18BYGFUd46cgGPbwrUWi8FwgtKEzGsOhjqfDC4BtRvvxV4/BYLBYvwWJr8STB2YrKWRbLnFxahtZRGYW1KZiYSd1CFR6fW4osp3IVfZOxWA0pnK9DkGUtbj0W4euX9NRCWZRIDFVukE4z7JX4SpHELbx1FGWGkI4oViAMSVshfEFLKmIPlc9AGQpT4IQjH2bgLTIV5CKjVy5ihMVUFuEltsrxWIZVBUmKcQ5jK5QSaJfxe+98Ha8+9ySE72FdRl4tYuyQsirAebx1DBZ7COlQ2pHnfdqd1rKJ1HKB6BDUL600zjqSJCEb7mPTEV22HDHJRCwpBxnZYIh3Je/+f97Oa15xFtlwH3mVYalIUoXwFuUddlAiLbSTLlhNWYCQMYX3RJOTZJHk2BO28YH3/kcOMXvoYPG2zlGWKJSM8BbWTnbYODNDJ26TRq1mggPDLENHEXlVYL1HyoSscM3kCvAavBxPVqC+j1QUM8hylIBIaSIHsvRUwxxvCoR0vP71r+Giv/wjPvF//hcf+YP/zDEzntgPAYNz9RMWbRxdnVBkQ4S3eAqcLCmrgkE5pMTQswN6vqCUFiHB24rK5BhfUtoSa3IOXTvJEeumiaVACIGME6yQtJMu0mvKCqTWpErR1hrllt2To3fc+H5d/TrYRHw1z7gnZYFAIBB4xqPrCKVmJBQq60hki5aYQAqPKnLwFV3VIi8zjHI468kXHBNyLcUgp9udZF3aYpAP8MLjhSLPDe1oEl3FuKFlKkmpBJRKoZ1kQq6hVXVY2NWjWrT4lgarSVWEUgpt27hKoR3MTHZY1xL0sh4D7+kkU4hK4wro6ilcZdBxFx1PMUwcZVFhkaRJB5EN0aYFOJSRVBGYUYROOPAweljvsXhvkU2E2JmcWEvyQZ81E1PkxiOTlMJVtFoprihxw4yp7gRRsY8uhjzqoHUKSYWsHEnSwpcFU8JRDAoKH+GEbCKfdfS7jpDWr4nuJEVhSVJFu+vJ871In7NxTYvFxUXyIqGyJWks6CQWaRyL/R7tyYSizJnurqPILUnL0+7AQjaH8IZD187QXxiCS5FCY32FsBUtEaFLhxnuI223cRVoURH5Pt04o01OHCmG5QJJOoU3Kc5L4kQg4xgtBmgB6QQMF3aCnsAJvfR8ZJWwWlhYoN1pU5YVnVbCFz/3Gb76hX/A5JOsmZzAxF28XyQr9hHJAVNdj1eexf4shWkjXBsPtFKPkAPyxQWEs6ybWsO+YQ+rFPt6C3hloZyjY3tM6SE9N0+s15AVHqkj6nhuxqVf+hT/8pWI0rbRPqYEUBCnisLsI408yufIcsCkjiiI8GikB+EljIq7eHBSkpcFrUQhRUlvfpYN6w6nN7/Aum5MbktKFF/84he5+uuXsD6V/JdffzOpzZG+noYgFVIo0shiigXSWJJXfaKWR6gIkXTQMoK4QhiLxkMxpCNi8jJHttoQJ1gsHS25+OKPc4lU7BtIiDsMswxjDRPK0k7AmQLbn6fd7pL3c2TcoRJyfN3SKKYoCgCKoiBJkh/Df0OBQCAQCPzsoRFlE33s4AToJGa413D0xtN4yZkvZvcjt7H1sHVMJzGXX30Z18/fgpUKXa3n1KNP4azjT0SbjMd23k9nwySfuupL2LTFYuE5YvJIXnb2GUzFGnzBFddfwT29hymKguk0RouYXXs9aecY2q0jOOfFZ3Pvru9wx113gjuU7cc8m+eecByqzNj18ANMHDbNB7/0SaJ0Gm1bHLV2M+eeegYtr3l4xx42bJnhX268mPsf34G36ziys4nnnngCmzeuZX7v41x9y7XcvO9BTFRBE1mtExeatBA8+WBIkipasee1rz2fs0/bjh0ucMvN3+MfLv4yVGuQPuEVLz6LM08/hdkdD3HW9pPoP/YgF33sU9z02DxeT9CNLG997fk895TtzO7cwdxjO2hPruf9H/wclWhTNVkgwqk64utb4CXDYYWnYs06wasvOIfTn30SyhXc/f3r+LtPf5FZH5HEMb/9tl9kcd8ONm/exrqZdTx4//188pOfZ77fQwpBd13KBRe8hNOfdSLSGm658Vb+7tMX45IULzyuKvilV76Ml57zPFKluOPOO7joE5+mUFMoqYnSFutm1vLu3/1NDjvicO566CYu/NtPUSWT9PKC0g143etezkufezodLN++8go+87lL6MuEOr5pmkj2yrjm5FQXYwxveMMbOPfsM6D3MMPeAn/0/ot4fL5EpAIhNUMMU+u7/KfffQPHHH0M99//IH/1139LUcR46VlzSIs3/Moreda2w1HeceMNd/Lxz1xCEm/kyG1b+O1fv4DDWxXt2Yf567/5I3bpNg/s87znv1+IMYKXv+osXnHe6cxEGbOP7eEP/vjj7Jkf0JlZz3zWY+KQmLf+6ms589jNJGXOY/c/wl9f+EkeKds4PYXyBuUkVkbU86R6wlZVBV4U/O47X09/3+NsOXILh05P8/C9d/CxT/8DOxYrMjvBonU8vjCglBqHBh+BTxEqwtmM33znr7Bz5wN88u8voTWZct7LTmXrtuP533
|
|||
|
|
<p blockindex=33><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA1cAAAD9CAYAAABQrY3lAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOy9d5Bd133n+Tnhhnff6wR0QiMSkSQAEsxRjBCVKIoWKXklyxrnNA7jmVp7vLO16/ljampmd2Y0tuXyyKFsWfJYWgVLNbYlUaICJeZMgiABIodG6vC6X7jpnLN/3NsP3Y1IEjRpqr9Vt7rfve+d+Pv9zi+dc8Ulm652vIlwzrF27VqstYyNjTEwMMCRI0eYrNdRUna+J4Q47d+169YxMT5OvV5nYnKSNWvWUI0iDh48SLPVYsvll7N3717yPCcIAur1OtbaThnXX38927dvZ3p6GgBjDEophBA451i/YQPHjh1jamoKJSUXrV7NkdFRpqamMMawadMmjh8/zvHjxwnDkIGBAQAOHjzY6V+tVqPW1YWnNStXrWLP7t2Mjo5irWXjxo3s2bsXU7av0Wh02uecm9N/OWs8ZrBp82b27tlDvV7HOcfI0qVz+r9mzRqkEOzdu5csz5Gzxk8IwXXXXTen/yMjIwRBwI6dOwmCgGuuvvr04yMlzlouueSSU9rfbrdRWtPd3c1Fq1axe/dujDEEQUCr3SbPMpxzKKXYsmULu3fv5vDoKL09PaxYsQKAvfv2kacOpSKWLh0kiBL2799NngPOBxeAkyhlUVrQarVYv349U1NTjI2PkyQJlTA8ZbyEEOR5TpplmDwnDEOq1Srd3d1EUcT27dvRWqM9D60UzVaLRX191Gq1YnyWLuXokSPs27ePIAjOSd+r16yZQz9r165l9MgRpqamyLPsnL/fvHkzU1NTpFmGNQatNUopDh06hHOOVatWIcr5zfMcIdSc+V2//pI59W/YcCl79+5hamoK7Qk2X7aePXt2Ua9P46xgyZIVVKNah34uu2wjBw7sY7pRR0rJyJJlRNUqBw8epNVssnHjZvbs2Ysxp9IvwOrVq0iShEOHDnXadXbIuf87iXOG666/gmefexLnHM4qrPWw1nDtNVez/eVtHfpcsmQJfX197Ny5kzzPWbXqZP3nrpsO38NJ/otm6KNSYc+ePQghUEqRZRmbNm1i165dJEmCMYY1a9YAsG//fvIso1qrsfqii9i9Zw9Dg4MYYxgdHaXValGr1bjiiivm8Nfw8PCc9q9Zs4Zms0mz2WTNmjUcOHCAer1OnucAXHrppWeWb3hIEbJ02dBp+McHJ5HKobWg2WqxYf16Go0G4yX/hGFInuc457DWoj0PN2tuZ7B23TqsMYyNjxfye3SUyclJpNQIofC0x2VbLuHFF5/BGANOF/UD1hmszTpjPX+OZsvA14PzmfN3Muy87stzDOf8FebU2V7AAhawgAW8UZyqzV9gdHd3U6vVOHL0KEmSoLQmCAJ8zzuv31ejiCzLiOOYIAhYMjxMkiRkWUYlDOnp7SXLMowx1Ot1PM8jiiI83ydNUwCarRZSqY5x0tXVVRgPzlGNokJxynMWLV7c+ex5Hp7vI6UkjmMqlQqNZpOBgQGyUiHxPA8pJe045vjx4xw8eJCxEydoNpsAhGFIT08PeZaRz25ftYrv+6WyXChynuehlDrl0kqhtO6Mx/DQEHEck2UZQRDgaU2SJIVxVircUkqklB3FY3b/l4yMMDU1NccwabVaqPL50nJ8ZKmEzm+/kJKuri4qYUjcbhfP85w8z6nX60SVCtrzOnUHQYBUiv7Fi0nTFO15JEmCFAKpQMniO2makpucGYUbAGGRStJoNgmCgFqtRhzHOGuRQmCdO+UypXKolcL3fZxzTE9P09XdjVSKKIo6SmSWZdSqVaanpzl48CCHDx9m7MQJkiQhCAKMMee8PK1pTE/TbrXo6uoiDENazSZKytPO5/zLGEOtVmNyYoJKFKFn5rOcv/mf58+v55X1t4v6q9WIOI7R2sPzCkNNz6Kfvr5e6vU6jZJGfc/H932U0p35npyYoDE9fXL+84w8n81fBf1mWY5SijRNO217rZCymKc0TbHWYqwlNzkmz3HWnUK/i/v7OTw6Wnwvn1v/+cDzPKRS2HL+nXM0pqfp7u5GKUUYhmXfMrzTyKjZ9CuEIEkSrLUsGR6mt7eXVquFdQ4hZccIms1f89s/M79pmlKv1+lbtIhWu91p61nlWxYjlZjLP24u/yglaTQaBEFAtVYr2utcx8icMa6UUrRbrVP6G1Yq+J5XGOONBp7WhGFIGIZIKbHGMrxkkMnJCdI0J8+L+ctN0R5j8jMaVgtYwAIWsIAFvBPxphtX9Xqdl156iTzLSNOU3bt2MT4+jjGmoyTOuZRCzlI+c2MYHBpCKcWK5cvJjWFychIApRTjY2OsXLUKKSX9/f1cvmULYan4R9UqR44eZeWKFXhaM7xkCYsXLcL3faQQ+L6PEIKBgQFGRkaoVaukaUoYhoU31xistR2lZNXKlSRJQrPRQOlCGb3mmmsYGBjAKyM5lUoFz/Ow1pIkCWPj46xcuRJVtm/Lli0EQUAcx4WSVBpVZ0JuDIODgyilWL58OcZaJiYncc6hlSIIAprNJmLWGM5WYub3P263mZ6eLpQ9azl69CgrVqxAa82SJUtYVI6PKMdnfvs3b9pEtVYjz/PO81WrVqG1ZnF/P5s2baJr1vM0Tenr7e0Ybr7v02y1Osq4sZY0iwsFX6rC690hS0NuMjytGRgYoNVu0263caVyaI057QWFYhoEAWEYoksl2eR5oYRmGdZanHNceumlLF68mCAI6O7upre3t2O8CinPefm+z5IlS1ixciW9vb2kaUpUrQKFV/5c18x8tVot/LLNrVYLWRrdM/MrT2M0Q2EcLRlZwooVRf3GWrq7u9FaIWVhvBX0o1m+fDlaex1HRa1WxTpHfxmNHVkyghCCRrPZMTTGxsr5V5L+xf1subyk33ZMVNJ6x7g/Cx2fCVoX9cRxTJ6XRtWsaMZ8+rXGMDkxgbMWVRrQs+s/26W1xpaG+cxvK5UKQRB0jI2ZCFUcx9S6uua0VQjRic7OGLl5ltFstehbtIjcGKamprDGoKQkz/NT+Gt++z3fp9VqkSQJx44dIwxDatUqxhiEEGeXb1EVaw1pWvCPlAqYzT+WPE/xPI+BgQHarRatVqtwTkjZiVL39/ezcdMm1q5de8r8TE5MsG3bNpIkIY5jdu7cyfHjx0nTFOcMUTWku7vGiRMnyDOLNWCNxdoca3PAvm7DewELWMACFrCAf45QA4Mjv/+mVqA1cRwXBlOpGM4YE7OVqBllk3nK50B/P2masmbtWjytOXToEGMnThAEAc454jhmaHCQ4SVLqEQRhw4eZGJiovAKK0WeZQwNDzM8PEzg+5w4cYKjR48y3Wh00gOHBgepVqscPXoUhGBoaIgTx48XyofW9PT0sHLFChxw8MABGo0GlUqFuN1Gex6LFy9meHiYKIo4dvw4J44fJ45jPM8jTRKGhoYYHh6mUqlw+PBhJiYnyfMcT2uscziYc0kpO97lZcuWMTE+zspVq+jr62PP7t2MjY3hBwHWOZYsWcLRo0cLL/lpUmzyPJ/T/127dmGM6aQC5XnO8PAww0uW4AdBMT5HjnTGJ03TOe3fs2dPET0qJo12u83A4GDR/0qFV199FWsLharZbOKco7e3l5GRERqNBj3d3Z32OidIkwypHEuWDDIxUSfP5/Yhz1L6+/tZunQp+/ftKwzJUrE9XUrRjOHleR6e53HxxRczMjJCVKlQq9UYGBigUqmQZhmtZhPf9xkcGmLZsmVUo4jx8XEmJycLwz7Pcdae9bLWMjQ0RBRFHBkdRSlV0M+JE3PS586EpUuX0mg0qNfrLO7vx9OaY8eOdZ7Pnt+iv3OVVGMtQ4Nl/UdG8TyfxYsXc+zYMaR0LF06zPjEGKtWrqKvbxEHDhxiYnySKIoAGB4eZGzsBCtWLKOnp4d9+/YzNjZGpVIp+SthaHCI4SXDVKKSfidO0u/g0CDHjx0r08HOJ8VLzPnf8wLC0MfzJWPjx0slXIIrZITJM4aWDHXo98iRIyRpCs5RiSL6+/s5VtY/I1/OdE
|
|||
|
|
<h2 blockindex=34>配合ognl</h2>
|
|||
|
|
<p blockindex=35>后来闲的没事突然想这东西能不能写进ognl里面然后绕过反射的限制呢?好巧不巧第二天Umbrella让我助他SSTI,这个trick就有用了么这不。</p>
|
|||
|
|
<p blockindex=36>在ognl中通过forname()可以判断有没有这个类,也就是判断用没用mybatis。<br>
|
|||
|
|
图不放了,遇到有可能的环境大家自行查看就好。</p>
|
|||
|
|
<p blockindex=37>有的那么就尝试构造个表达式获取一下runtime实例,绕过防护试试。</p>
|
|||
|
|
<p blockindex=38><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAACr0AAASLCAYAAAAiFOQXAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdaXMl153f+e85J9e7YkcBtRdZJEVSlNSL1G213fZEj59NTMzTeW0z72AeO8JjW56ejmnLstSSmmRzrb0AVGG/a25nmQcXKKI2kqgiWYv+nwiIwL0nM09mnsybpfvLf6r33nsv8AQhPPFlIYQQ4qXivQfAGPOCe/KV6XTK5uYmAOvr67RarYfev3//PqPRCID5+XkWFxdpmobhcMjBwQEAeZ5z9uzZU833h+KcY3NzkxACa2traK2faT7ee3Z3d6mqivX1dZIk+drlHbd70no3TcPW1hbe+6fO69vMRwghxKvt+LrgWT+bhHiVDAYDdnZ2AFheXqbf77/Q/oQQqOua0WiE1pqFhYWnthsMBoxGI7rdLv1+H6XUD9xbIYQQQgghhBBCCCGEEEK8CI9+J/B1fz/t9+j4l6eFXCX8KoQQ4mV2/Dn1Mn9ePdq3oiiAWbB1YWGBEAJRFLGwsEBZlhRFQdM037hOL2qdj5erlEIp9VzBouOLkhDCt74WeVI7ay1N0xDHMVrrJ7b5NvMRQgjxansVrguE+L686HFf1zVbW1tYa5mbm/va/vT7/YdCui+670IIIYQQQgghhBBCCCGE+H6dzIecfO1pfx//fnK649+jb/pSUL54EOJhjZcKNC+jWMu56k/VyxhuORngfFKYs2kaANI0fey9NE2ZTqdPDL1+03x/KCeX+zz9OJ725M/XLe/r2hVFgfeeJEkeuyg6zXyEEEK82l7G6wIhvi8vy7Xho/2Ray0hhBBCCCGEEEIIIYQQQpzW0wKvT3otejS48ij5kkL8qbFBHoX6Kmq8IlL+RXdDvAAvY7jlNKHQ07z3XYVNn9fxsuu6ZnNz85kfRxtCwDn34MLk60KvXxfocM4xmUwevG+tJYqiU89HCCHEq+9lvC4Q4ofyose9VNUXQgghhBBCCCGEEEIIIcSTPKl42ZMCrSd/f1ql1xDCN4dev+518fpymG/VTnG6oJPSp2vvvYQYxbdng8bgXnQ3xAvyMn1Wfdtw6pPe+7rP5Zcl9HqyD3VdP/d8oij61uvzpHaj0YiyLAEYj8eMx2Pa7TZzc3MkSfLYsuDJF1RCCCFefRJ6Fc/j0X9/aj27IdJaS1EUD26syfP8iTfYNE1DWZZYazHGkGXZY9cijy5HKfWNNxA9ev1z3K+nXRt676mqiqqqAEiShDRNMebb/TvfWkvTNFRVNfs/jqKINE2J4/iJfT1eH+fcQ6+d/Ptkv09O8+jrT5p3XddUVYX3Hq31g/X5uumEEEIIIYQQQgghhBBCCPHyOk3g9WTw9cH0l6++J98GvoL0S1LRUkKv4mXkv+NqvVneIs/b1HWFPXosvXi1tVot0ixjMplQH4UBXjcmimi32wTvmUwmcj4VQgghhBBCCCGEEEIIIYT4Gp1Oh8uXzjMtSm7evP3YDZ1CCCGEEOKHF6tZruc4+KqU4vHSJOKZvCwhVCHE7Hj8roOvQgghhBBCCCGEEEIIIYQQQgghhBBCCCF+OE+q/CqpMCHEa0mC6EIIIYQQQgghhBBCCCGEEEIIIYQQQgjxagshPPRfCb0KIV5bEnwVQgghhBBCCCGEEEIIIYQQQgghhBBCiFfTo4FXkNCrEOI1J8FXIYQQQgghhBBCCCGEEEIIIYQQQgghhHg1nQy8hhAk9CqEeP1J8FUIIYQQQgghhBBCCCGEEEIIIYQQQgghXi2PBl5BKr0KIf5ESPBVCCGEEEIIIYQQQgghhBBCCCGEEEIIIV49J8Ov0Qvsx2vFh5czP3z27Pqp2m9tbZ1u/ufOn6r95YsXT9V+e2fnVO03trZP1T5JTncIqFO1BtTpplDKnG7+wZ6qeafbO1X7yWRyqvYhnG59B/v3T9W+atyp2gshhBBCCCGEEEIIIYQQQgghhBBCCCGEeHWFEFAncngvZ1JTCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQvzJOlnh9fhvCb0KIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCiJdSCOFBAFZCr0IIIYQQQgghhBBCCCGEEEIIIYQQQgghhBDipfNotVcJvQohhBBCCCGEEEIIIYQQQgghhBBCCCGEEEKIl8qjgVeQ0KsQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEeMmFEIhedCeEEEIIIV4firSVkmeGrnHY2nIwtDQB3IvumhBCnIIyCTpKyPOUWHtUNaJqLJP6RfdMCCGEEEIIIYQQQgghhBBCCPGnTEKvQgghhBDfhQBKK+bWF7i43uHH7THD+2N+/eGIvTowVS+6g0II8e3ptEfeX+bCxTUWkgq9/Ue2dsd8uQdPeIKIEEIIIYQQQgghhBBCCCGEEEJ8b8LRl5RKKQm9CiGEEOJ1oUAb8lbMwlKLxU7EQm4wwROsZTou2B9UbO07ChewAGjiNGblbJdeHMiHA7ZHlrvjZ+yBUrS6OUurHa50HXtNxUdaMcTP+vciZSl02rzd96ynlut3S3YGllKBf7E9e7UoDdowv5CxMJ+z0NJ0IoXBUxcV01HB1oFlZ+iwL2Dbpu2M7nKPtW7E2c7xmAsQGoYHJVu3JuxXnsHrEFrUCbTOEXc6dHs1drTPZGsbDzy2evE8pGdoLxmS3FJtbFAPR7iTbZMVdL5AezVDuzH15h2assI+w7Yy/YuY+au02pok1UevVgQm1Pc3qDY3XtoK0DppY7I5zpxbZ219heVOTFzuMgiK4AMv/FwmhBBCCCGEEEIIIYQQQgghhPiTcTLsekxCr0IIIYR4PShFMDHdxT4/+skqP77Q4oOVlNQ3+KLg3s37fPjFIX8/mrJtA1YpQtDkrRZv/+wib3YtK9en/Oam4+74WRKBCtAkqaHdiel1I+pMk6mX5IKr0yacX+dfvdXw7xam/F//aY/fDBoalIReT0MbgklZu7jMB+8v8eOVhPNdTeosg+19tm7d5x8+njIeWKYo/A+cD2zNtTn/k8v87ZUWf3fOHL1qCWHC9Y93+fvdgo9qxyC8BsFFkxHm/4zswkXW3zykuP4x9dYOTQi4R1cvXSfM/w1zP82YW52w/5//C8PRkCKoB6HXkF0mWv0xS3+9SFzdYfCrXcZNibWn31bRyk/I3//fWV1P6C8cnQHCIYG7HP7jf2H/3l0mXuFewvCxyedJl9/hrffP8cGbPdzmdXZu7nNjYBlMeUKiWAghhBBCCCGEEEIIIYQQQgghfjgvRQZDCCHEt2QylEnIU4XGUk8LnPOzSnHBoHRM3G4RJzERj9ZiCygabF1RTUus8z94GEuI700Akxi65xa4fLHLny8H0smQj/7QUOsIFRkWenOsXTb85cjyL/drPh4cVSxUChMZ4tiTGIie9bhQgRAcu3d2+Wg6ZpBWTA8KNm1g+jJURlQKtCaONHmsidTsHPES9OzVESDvt+ieW+ZH51N+3CoZb474pzJQq4hOK2Lx0hpXJ9tQ1nx0GLhX/rBdrMYlO9fu8YdBTHlTQ5LT6SW8cyngYo1RCv3Ns3lFKNARysSYKEYZ/fQxXZcw3MP5K7i0S9TJSFpQFjwox6tbfUx/iZgaXY9pGo99xlKs7vAG5bX/yMGuoezkEK+RLKZ0zhkw0ct53KkEdI+F1bNc/slFluMDquvXuHbjPnc299gdNYwbJZlXIYQQQgghhBBCCCGEEEIIIcQLJaFXIYR4ZSiUSTFpl7ztMaEiVBXeOY4rTKJi4qxD1mqRKh4Em5Q2oALaj6mm4IoKT8C/nLEbIU4toDBRxOK5eS5ebPFOe8jNGwN+88chg6iNme/yV3+5xLm1iJ8dHDCtLR8PHk2zKVCGOI3odhTm6Bjy3mOtp6w9Phzn4xRaa9LMEEfqQYAUgPGE7dGYbeeprGfqwhMC5goTaaJYExtFrBWKQAgBbz2N9VQ24MOjRRW/ZjrnaWygbo76qRTKaOLI0IoVphsTWoYs8agoot1JmO87goImBPCOovKUTSDwPMUcZ0
|
|||
|
|
<p blockindex=39>线上同样不放图了,被警告了,使用的话是可以成功的,那就试试直接r呢?</p>
|
|||
|
|
<p blockindex=40><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA+UAAAHTCAYAAABBf7kTAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOy9aZBd53mg93zLOXe/vaGxElxBcAEXgKtIidZGyrIk27KsxZLteMoqO1MTJ/MjVakkVZmapFL5Ec+kMjO2J66xPePYslxWLEuybMmyJUuURImkSFAkSHDBQhBLN7rR693O8i35cc69vaC7sZMQfZ6qi0b3vee7337Ou3zvK27dc69nTSTCg1z2rpWOVDkAAisRXiK9xAkwMvtM/xonHWDw0iA8KCeRGHQYE6eOoDrG3HSboUoVKcFUwGBx3iOMp5QopJcYAQ6LkBaEQwgBXiJEgLKaklWAJQoMVkhwNZSHsu2BMEQarFy7hWviV3949e9q1e/2rCKCMCSKugRBQBR1EUIgpEdKeXZ55/y+Ve+eNVruAq4+G7fuOxLps/HsszT+ksCEhEZSNhIvHN0wwUuHtuCRRCrECUnZZN8SBQlWZt+mnKSchigSvFrEyQRPiPMh+BDQSNefUO6sWgoPcvA3hxMSj8blrZc4lE8QODwSKzSpCLFS5tc7Ap+gvEM5hxeSWEmkd1SNASRdHZJKkCQ46UhFmJdtUA6kC7P5TzbPnUzwAvAhwpXRpo4jIApipOhSsV0Cn+CW1ccLCOjihCNREuFCqkmIcJIoAA8ELmtnKrN11m9f4BMgHw8vCfL+SmRKqVohbkV469BCI4RADibOyhly9vjLtd8R68yUs+ZvQUFBQUFBQUHBTzIPPPAATz31FNZagjDE2bPlnYLLi97oTS/AIfEAwg2EApA4IVF+SVBQq57ZMxlA4vzS/wUBzjqEMHRbPRqNOqGUWCzGpBjh8c6jPBhhEXg8mYAvRL8MAQKkcHjpsE6RCcpmxfdbodYU6K4kUmYCexRFKCmJehFCCoJAo7TEWYf34Pw6epCrDCdA0h/j5eMPCIeXmaDuRX+uLP1EGBAyU4isIdBZZcA7vMimoEOzXCB0kkzgE2crIrwA52VersT36+iX6o3IFCAOcMLhhEGwJOi7/Nu8yNvZn695W6V3KM/g+zUGh1wSaYXJy3d5Wx0ir3vWVwYnHIoI6c2SEmH1nMzbkSmz+u9lCgInsrkvPQgcyq8UmLM2r/ybcZC0e9TDEs6YvF3LOqegoKCgoKCgoKCg4KpiA6E8Ew6skFiRC1HCZRZvp8Fnf+9bUwPfF0bACQlOgzAENhd0XDm3KXu0LlOplklTQ2R7mSXSkVsyBR6HV3aFMOakyizkUmR1E7kQLktAZg13ANKBkyAliEwUEj4THK80qUkBCHSAcym1eg3vLc45vHvzlAOXh2z8jdBY6bByafxVbpW10pDoTHDse0pk4+Bw0uCFI82FayuWFDjIbPysBwgRvsxAIJdJ9oMSgy5bQzDPvB/0QLyVMBD+HWCFxgnwwuVCbzIowwmwQmYKkrxsmQu3qcw8OgQJgQOf11sIkysc8iUjDKwStKWX4A1OJFglEThKPkJ5g8g/qxAgBFbmYnrubaL8krDupeuL+/TXlMYNvBb6ig+XKxGkdwiy+umghgOiXodQChCKFUqAgoKCgoKCgoKCgoKrig19T52A1DuQCQFtym6Rsu1SthGBT3LLXmYvDF1C6BIUCZIEiUM7UEKgncwFH3jogQf5jV//LDhPFPWw1mJdJhQpl1nchc/dvJVcEvJXuMn2f88ssU6AwKBIUD5GYHBylWX3CrHc6q2kZNeuXdx51530oih7fwNhXIo3oYKXQDb+BjBL4++6lFxC4DL3cKtc5paeC78u/ylx4C1CeHz+u/bZS+LwwmGxeO+RGALfpeTblKwhsPk8cHaZm/qaNVxW175Q26/H0qdWH8OQy353SFKhiUWdWFQHygOJQwhFSpVUVMmOc0i8L5OKMqkEq7NC5EBRlVn7s2sTEJl1PZZlerJOJOvY3DNAeIsEnBPgNdJpFAov/aAtanB2wC37ueq4wgpBXTLSbPCxj36UPXv2gLy651dBQUFBQUFBQUFBwTnc18FhhWW0ofn4Y+/iwb230Qw38/jjz/Klr3+brpOYQPMv//m/YOH1V/mTP/4jqpuG6BpHoEJwCu8duqzBQBL12D5aZ+eWUcoqoCdKOASBEBibInIBtlQqUanU6PRirDM4k1IqB6RpinAicwnXJQJZwsSWUsmzfftWfv2z/xX/9rd/j7mZRWrNIRZaETLIBBOxnveulAghiOMYAGMcUghKpRLOe2rVKg88cD+nTk1w8OBBhAClFOVyGe8c3SglTlKCMKDb6dKoNxgbHaNSLtNutUhNwvj4OJ3WAkIIEmORUmXlu6XzGWkUI5ViZGwT7VYLKbJ+aC92KFfKDI+OsHffPp54/Hv0oghrDUppfK4UWE+7Escx1WqNKIoG36eUplwu0+12UcFGUyAf/+bS+NfUGN95/Bm+/PXv0LMBbeOo1mu4pEe320WXs35zkSHQJYSSJDahVi/lHgOeKIrwUqEl/NLHfoaf+5lHMJ2TVIMa/9u/+n1OTrRINAhvMLlVfmARzxUZEodzHkECQpGkKVIphBBoqfBpD6UVJVWm24up1pvESYK1llKphE9iqrUa8+0Our6Jkevu5Z59d/ONz/9fEHWxaFy5RnnHbXzwwz/N3/zJ75J2O1g1xvDWcX7+l97Df/6P/45qKvA9iy5XMMZgTApYbNqjsWkz973vZ7ll34NYXca05vmzf/+/U3JdAhzGWZxUSBUSCI0xCUalWGeQXhLKACkVvV6Pcr1BlBistVTCAJvGNGoVZudnKVdrzHctt+7exa//yqc59OorTJyeJKw2SbrtgWv+Ogtgg/Ffg+IMeUFBQUFBQUFBQcFl5ZxCeRB43vnwPu7bewN//sd/QOoafPqTn2VuZo5vfveHtBPBQus0SWuSimzT6rRBV4kTR6U6TGoh7nbY3KwT24h//Ju/4Nt//2VSOYJxjnJYJo471MsgfIp1FuE8rdkYKcooBCUlsfEizVpIkiY4I+ksdKiU6gAo5alIQdm1MK0JRmtN2p1ZfGqQuppZ2tehXC7TbrdRWuUCn6NSqZAkCc452p02SZIihKBcKdPtRIRhSKvVwjmHDiTVahXvPWNjozz77LPEcUytVqZSrRJYTZRbzcMwxBJTLlVI0gRrLI1Gg06nR7lcBsgEcqmIum3iOCbQIdY6rHNopelFEUpJtC7hbB7kbCNrvFREUVZnYzKXf6013W4XKSXe+yx43lqIpfG/Px//KK3y6U/+BnNn5vnW936IT6HjegxVQARdjG2zaWSc9kx2FroTRQzXSwizSGp6OOeo6ZDYlCiHZb721b/hh9/5KlubXX7rN/4bStagLRjlcis6a3o8CE8WvEwFLPRiXKmB0CWsc9RCRaB7aJe1N0oN1gQYWUZqSas1T01ButimNDTORMfTrG+iqxt0RJVG2aGcJXWS02e66NIIwyNjnGi3saUqzS07mTozDYB3AaXKMNOtDs2xTTgT4ZIutVKJdqvLN7/zPb783R+z6drdfOxDj5IKTYnsjLgUIUZWcTpEC08nihDlGkFJIn1CmsSUkPRShzEBRlaz+rdnqSkwi4sI50hNSn2oyac+/RmefvIJvv43X8MEIcZBubCWFxQUFBQUFBQUFFzVbCyUC4dxXa69YRtPP3uAZw4eI6luY9fRE9x16y6++82/ozLURKsu9YbgX/2P/4LGzTv50YHX+PyffpXp2UlUWOd/+O//JQ/u2k5NpcTpHM+/+jr/53/6MsY7lAyo6YSPffBh3v3OfSitee75Q/z5F79Dp+vRXhAElne/734e/cBDGGN55eAbfPEL36HdMjz44P380qc+xPhwivQxv/9v/1d0aYjXJ2f5P377P7AQZQG51qPdbuO9Z9/eu9k0tgkVhkxOTPHM008RBiWSxFOt1pmbn+OnHnkPlVqdiYlJfvTUD6lUKhgT8+ijjzI6Nkqn3UFKycLCAo9/99vEcUxiYsJAceee27jppptIrePkyVM8+dSThEFIt9dFSLjnnn2Mj29B6IAzM9n3ay
|
|||
|
|
<p blockindex=41>具体描述和测试用例放在<a href=https://github.com/springkill/Ognl-Test>https://github.com/springkill/Ognl-Test</a> 感兴趣自取。</p></div></div>
|
|||
|
|
</div>
|
|||
|
|
|
|||
|
|
</div>
|
|||
|
|
|
|||
|
|
</div>
|
|||
|
|
|
|||
|
|
|
|||
|
|
</div>
|
|||
|
|
|
|||
|
|
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
|